Chris,
Please see my comments in-line
On Fri, 2003-10-10 at 18:29, Christian Kohlschuetter wrote:
> I completely agree with you that we all should write standards-compliant HTTP
> web pages/CGI programs/Servlets etc.
>
> Unfortunately, it is not always in our hands. As nearly everybody can write
> PHP scripts today, clients which attempt to read from them, should be
> error-tolerant.
I wholeheartedly agree that HttpClient should have a high degree of
error-tolerance, but I do not think that the stock version of HttpClient
should contain safe-guards against deliberate attempts to screw things
up. What you are doing is a fairly specific application that may not
represent the needs of the majority of HttpClient user base.
I recognise that existing architecture is not flexible enough, for
instance, to let you plug in your own implementation of HTTP header
parser. We are well aware of the problem and are planning to address it
in our next major release.
> Let's have a simple HttpClient command constellation:
>
> public void test() {
> HttpClient client = new HttpClient();
> HttpMethod m = new GetMethod("http://localhost/testfile.php";);
> client.executeMethod(m);
>
> // --- bytes limit as suggested in discussion
> InputStream body = m.getResponseBodyAsStream();
> int limit = 10; // limit to first ten bytes
> int i;
> for(i=0;i<=limit;i++) {
> int b = body.read();
> if(b < 0) {
> break;
> }
> }
> System.err.println("EOF at byte "+i);
> // ---
>
> m.releaseConnection();
> }
>
> The following PHP scripts will cause HttpClient to loop endlessly (1) or to
> hang (2):
> Test 1: endless.php
> <?php
> set_time_limit(-1);
> while(TRUE) {
> print "The UNIX time is ".time()."<br>\n";
> flush();
> sleep(1);
> }
> ?>
>
What you need here is a method to abort an HTTP request. This is a known
problem:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20288
Resolution of this problem is targeted for the 2.1 release. Patches
happily accepted.
> will cause the program hang at "m.releaseConnection()"
>
>
> Test 2: hang-in-headers.php
> <?php
> // remember to set an adequate memory limit in php.ini
> // or use Apache's "asis"-feature instead of PHP
>
> $x = str_repeat("X",1024*1024*32); // send 32M of 'X'
> Header("HTTP/1.0 300 Multiple Choices");
> Header("Location: http://localhost/".$x);
> ?>
>
> In this case it will crash with OutOfMemoryError because 32M won't usually
> fit into the JVM's memory when parsing Headers.
>
Sending a 32MB worth of stuff in the header, is kind of, well, unwise in
my humble opinion. I seriously doubt that the stock version of
HttpClient should provide check against this kind of 'creativity'.
Cheers
Oleg
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
