[
https://issues.apache.org/jira/browse/TIKA-3582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17434488#comment-17434488
]
Tim Allison commented on TIKA-3582:
-----------------------------------
The other security concern is that clients can now specify a very short timeout
and force the server to restart pretty much at will, causing DoS.
We could move this feature to require "enableUnsecure"? Or we could document
"you are on your own if you are hosting a Tika server and you're opening it to
requests to clients you don't trust."
Let me know what you think.
> Tika does not respect a configuration value passed over a HTTP Header
> ---------------------------------------------------------------------
>
> Key: TIKA-3582
> URL: https://issues.apache.org/jira/browse/TIKA-3582
> Project: Tika
> Issue Type: Bug
> Components: server
> Affects Versions: 2.1.0
> Reporter: dataminer.accolade
> Assignee: Tim Allison
> Priority: Major
> Fix For: 2.1.1
>
> Attachments: sampleimage.png
>
>
>
> I think the value of TikaServerConfig.TaskTimeoutMillis should be overridden
> for the current request over *X-Tika-OCRTimeoutSeconds* header. The following
> request takes more than 120 seconds.
> *curl -vvv -X PUT -T sampleimage.png http://localhost:9998/tika --header
> "X-Tika-OCRTimeoutSeconds: 600"*
>
> Tesserect is configured with tessdata_best models
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
