Hi Simon, On 11.01.2010 19:01, Simon Gaeremynck wrote: > Yes, I guess that could work. > > But then you can still do node.1000000.json which results in the same > thing. > > I took the liberty to write a patch which checks the amount of resources > will be in the result. > If the result is bigger than a pre-defined OSGi property (ex: 200 > resources) it will send a 206 > partial content with the dump of 200 resources and will ignore the rest. > > It can be found at http://codereview.appspot.com/186072
This looks interesting. Tough instead of limiting the number of reosources to return, I would limit the number of levels to return. WDYT ? Regards Felix > > Simon > > > On 10 Jan 2010, at 16:43, Eric Norman wrote: > >> One option would be to register your own script (or servlet) that also >> matches the same selector [+extension]. Since your script would be a >> closer >> match than the default get servlet, it should use your script instead. >> >> For example, create an esp script @ >> apps/sling/servlet/default/infinity.json.esp >> >> The content of the infinity.json.esp script could just send a 404 >> error to >> the response. >> <% >> response.sendError(404); >> %> >> >> >> On Fri, Jan 8, 2010 at 9:18 AM, Simon Gaeremynck >> <[email protected]>wrote: >> >>> Hi, >>> >>> Is there any way of disable or restricting the node.infinity.json >>> selector. >>> We have quite a bit of content and when we do a .infinity.json on our >>> root >>> node this causes the server to grind to a halt. >>> It looks like it's internal to JsonRendererServlet but I might be >>> overseeing something. >>> >>> This looks to me like a potential hole for a DOS attack. >>> >>> >>> Kind regards, >>> >>> Simon >>> > >
