Harald Kirsch wrote:
> Hello,
>
> using jersey for the first time in an experimental application, I
> stumbled over a potential denial of service (DOS) attack against @POST
> resources. What happens if a user sends gigabytes of data? It seems that
> the body is parsed completely before my resource class or method would
> even see the data.
Correct if not using a stream-based Java type.
> By that time an OutOfMemory exception has certainly
> happened already.
>
> Is there a parameter somewhere to limit the size of message bodies taken
> into account?
>
This sounds like an appropriate case for using a filter (servlet or
Jersey-based).
Paul.
--
| ? + ? = To question
----------------\
Paul Sandoz
x38109
+33-4-76188109