Description
We assume, as standard operating practice, that the JSON-RPC interface will sit behind load-management services such as load balancers, DDoS protection services, etc. However, there may be some operations in this service that are so resource-expensive that they continue to pose a DoS vector, especially when load-management software is unaware of application-level context. (For example, a common web DoS technique is the "WordPress XMLRPC flood", which targets certain expensive operations in WordPress.)
By collecting some stats on the load of various operations accessible through the JSON-RPC interface on "typical" hardware specs, we can highlight any obvious vectors for DoS that may require special security controls such as application-level rate limiting.
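As an added example (not code from this issue or the project), a small profiling harness in Python that does the kind of measurement proposed above: it drives a constructed JSON-RPC 2.0 dispatcher with sample requests, records the median cost per method, and flags methods that cost far more than the cheapest one as candidates for application-level rate limiting. The method names, handlers, request bodies and the 10x ratio are assumptions for illustration.

```python
import json
import statistics
import time

# Constructed stand-in handlers (hypothetical method names; the real service's
# methods and their costs are not given in the issue).
def get_status(params):
    return {"ok": True}

def query_range(params):
    # Deliberately expensive: cost grows with the caller-controlled range size,
    # the shape of method a load balancer cannot tell apart from a cheap one.
    n = int(params.get("n", 0))
    return sum(i * i for i in range(n))

METHODS = {"status": get_status, "query_range": query_range}

SAMPLE_REQUESTS = [  # constructed sample traffic, one request per method
    {"jsonrpc": "2.0", "id": 1, "method": "status", "params": {}},
    {"jsonrpc": "2.0", "id": 2, "method": "query_range", "params": {"n": 200000}},
]

def dispatch(request):
    """Minimal JSON-RPC 2.0 dispatch returning a response dict."""
    handler = METHODS.get(request.get("method"))
    if handler is None:
        return {"jsonrpc": "2.0", "id": request.get("id"),
                "error": {"code": -32601, "message": "Method not found"}}
    return {"jsonrpc": "2.0", "id": request.get("id"),
            "result": handler(request.get("params", {}))}

def profile(requests, rounds=5, clock=time.perf_counter):
    """Median wall-clock seconds per request, keyed by method name.
    `clock` is injectable so results can be made deterministic in tests."""
    costs = {}
    for req in requests:
        samples = []
        for _ in range(rounds):
            start = clock()
            dispatch(json.loads(json.dumps(req)))  # include (de)serialization cost
            samples.append(clock() - start)
        costs[req["method"]] = statistics.median(samples)
    return costs

def flag_expensive(costs, ratio=10.0):
    """Methods costing more than `ratio` x the cheapest method are candidates
    for per-method rate limits, parameter caps or similar controls."""
    floor = max(min(costs.values()), 1e-9)  # guard against a zero baseline
    return sorted(m for m, c in costs.items() if c / floor > ratio)

if __name__ == "__main__":
    costs = profile(SAMPLE_REQUESTS)
    for method, cost in sorted(costs.items(), key=lambda kv: -kv[1]):
        print(f"{method:12s} {cost * 1000:9.3f} ms")
    print("candidates for application-level rate limiting:", flag_expensive(costs))
```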
zivkovicmilos