Hi! > That's exactly what we don't want - let the attacker to end our request.
Why not? What else you can do with this request that has clearly bad and maliciously constructed data? > All other things like string overflows and memory limits are under our > control (e.g. we can set limit on the server and reject such requests) Not sure I understand what you mean. How exactly memory limits are under your control? If somebody sends a request that blows up your memory limit, how you control it? In fact, if somebody sends, say, a POST that goes above your post limit - how you handle it without terminating the request? -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php