Travis Reeder wrote:
> This sounds like something that should be tackled fairly quickly.
>
I am wondering what other frameworks do here, anyone know? Is this
something that is tackled by routers before the request hits the
application? Or is this something that can also be configured by the app
server?
Paul.
> Travis
>
> On Tue, Jul 22, 2008 at 4:24 AM, Paul Sandoz <Paul.Sandoz_at_sun.com> wrote:
>
> > Harald Kirsch wrote:
> >
> > > Hello,
> > >
> > > using jersey for the first time in an experimental application, I
> > > stumbled over a potential denial of service (DOS) attack against @POST
> > > resources. What happens if a user sends gigabytes of data? It seems that
> > > the body is parsed completely before my resource class or method would
> > > even see the data.
> >
> > Correct if not using a stream-based Java type.
> >
> > > By that time an OutOfMemory exception has certainly happened already.
> > >
> > > Is there a parameter somewhere to limit the size of message bodies taken
> > > into account?
> >
> > This sounds like an appropriate case for using a filter (servlet or
> > Jersey-based).
> >
> > Paul.
> >
> > --
> > | ? + ? = To question
> > ----------------\
> > Paul Sandoz
> > x38109
> > +33-4-76188109
--
| ? + ? = To question
----------------\
Paul Sandoz
x38109
+33-4-76188109