This sounds like something that should be tackled fairly quickly.
Travis
On Tue, Jul 22, 2008 at 4:24 AM, Paul Sandoz <Paul.Sandoz_at_sun.com> wrote:
> Harald Kirsch wrote:
>
>> Hello,
>>
>> Using Jersey for the first time in an experimental application, I
>> stumbled over a potential denial of service (DoS) attack against @POST
>> resources. What happens if a user sends gigabytes of data? It seems that
>> the body is parsed completely before my resource class or method would
>> even see the data.
>>
>
> Correct if not using a stream-based Java type.
>
>
>> By that time an OutOfMemory exception has certainly
>> happened already.
>>
>> Is there a parameter somewhere to limit the size of message bodies taken
>> into account?
>>
>>
> This sounds like an appropriate case for using a filter (servlet or
> Jersey-based).
>
> Paul.
>
> --
> | ? + ? = To question
> ----------------\
> Paul Sandoz
> x38109
> +33-4-76188109
>
>
>