Yes, I guess that could work.
But then you can still do node.1000000.json which results in the same
thing.
I took the liberty to write a patch which checks the amount of
resources will be in the result.
If the result is bigger than a pre-defined OSGi property (ex: 200
resources) it will send a 206
partial content with the dump of 200 resources and will ignore the rest.
It can be found at http://codereview.appspot.com/186072
Simon
On 10 Jan 2010, at 16:43, Eric Norman wrote:
One option would be to register your own script (or servlet) that also
matches the same selector [+extension]. Since your script would be
a closer
match than the default get servlet, it should use your script instead.
For example, create an esp script @
apps/sling/servlet/default/infinity.json.esp
The content of the infinity.json.esp script could just send a 404
error to
the response.
<%
response.sendError(404);
%>
On Fri, Jan 8, 2010 at 9:18 AM, Simon Gaeremynck <[email protected]
>wrote:
Hi,
Is there any way of disable or restricting the node.infinity.json
selector.
We have quite a bit of content and when we do a .infinity.json on
our root
node this causes the server to grind to a halt.
It looks like it's internal to JsonRendererServlet but I might be
overseeing something.
This looks to me like a potential hole for a DOS attack.
Kind regards,
Simon
