Hi Paul,
thanks for the fast answer.
Am 22.07.2008 13:24 schrieb Paul Sandoz:
> Harald Kirsch wrote:
>> Hello,
>>
>> using jersey for the first time in an experimental application, I
>> stumbled over a potential denial of service (DOS) attack against @POST
>> resources. What happens if a user sends gigabytes of data? It seems that
>> the body is parsed completely before my resource class or method would
>> even see the data.
>
> Correct if not using a stream-based Java type.
Ok, that would do it at least for my application, since I am using
InputStream. But what I get is actually a ByteArrayInputStream and so I
am afraid the input was first completely read into memory.
Harald.
--
--------------+---------------------------------------------
Harald Kirsch | pifpafpuf bei gmx punkt de