[ http://issues.apache.org/jira/browse/HTTPCORE-4?page=all ]
Ortwin Glück updated HTTPCORE-4:
--------------------------------
Fix Version: 4.0-alpha2
> feature request: optional header limits to contain OOME risks
> -------------------------------------------------------------
>
> Key: HTTPCORE-4
> URL: http://issues.apache.org/jira/browse/HTTPCORE-4
> Project: Jakarta HttpCore
> Type: New Feature
> Components: HttpCore
> Versions: 4.0-alpha1
> Reporter: Gordon Mohr
> Fix For: 4.0-alpha2
>
> It would be desirable to be able to specify limits in the parsing of HTTP
> messages, so that impractically large content (inadvertently or maliciously)
> fails in a manageable way, rather than triggering an OutOfMemoryError.
> One possibility would be to set limits on HTTP header line lengths and number
> of headers; once exceeded, an exception would be thrown.
> Another would be to set a byte-total cap on how much content can be
> considered to contribute to the headers; past that cap, an exception would be
> thrown.
> A possible wrinkle would be implementing compatible limits at other places
> mid- or late-message where unbounded numbers of headers could again appear
> (multipart; chunked; footers).
> See also:
> http://issues.apache.org/jira/browse/HTTPCORE-3?page=all
> http://issues.apache.org/bugzilla/show_bug.cgi?id=25468
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
