thank you, updated with a note. Strange that search didnt find it. Ian On 22 Jan 2010, at 14:00, John Crawford wrote:
> Here is one reference > http://cwiki.apache.org/SLING/using-curl-with-sling.html > > Respectfully, > John > > > > On Thu, Jan 21, 2010 at 4:43 PM, Ian Boston <[email protected]> wrote: > >> I have searched, and I cant find where "infinity" is documented on the >> Sling web site, any pointers ? >> >> Ian >> >> On 21 Jan 2010, at 22:27, Ian Boston (JIRA) wrote: >> >>> >>> [ >> https://issues.apache.org/jira/browse/SLING-1308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12803510#action_12803510] >>> >>> Ian Boston commented on SLING-1308: >>> ----------------------------------- >>> >>> Patch applies ok and the integration tests passes. >>> >>> However, I have reverted the changes to the Sling API to eliminate the >> need to depend on a later version of the API. >>> Also there was a license header missing, added in. >>> >>> Other than that LGTM, >>> I will go and find the doc and update that as well. >>> >>>> Node.infinity.json contains risk for DOS. >>>> ----------------------------------------- >>>> >>>> Key: SLING-1308 >>>> URL: https://issues.apache.org/jira/browse/SLING-1308 >>>> Project: Sling >>>> Issue Type: Bug >>>> Components: Servlets >>>> Affects Versions: Servlets Get 2.0.8 >>>> Reporter: Simon Gaeremynck >>>> Assignee: Ian Boston >>>> Priority: Critical >>>> Attachments: jsonRenderer.diff, jsonRenderer.diff >>>> >>>> >>>> As it is now any user can do a node.infinity.json . >>>> If this happens on the root node in a repository with many items, it >> will cause the server to slow down (eventually crash?) >>>> I've created a patch confirming the discussion @ >> http://markmail.org/search/?q=node.infinity#query:node.infinity+page:1+mid:ugqjyqdz2trfpdkr+state:results >>> >>> -- >>> This message is automatically generated by JIRA. >>> - >>> You can reply to this email to add a comment to the issue online. >>> >> >>
