Ged Haywood wrote:
Hi Stas,

On Wed, 3 Dec 2003, Stas Bekman wrote:


{ local $/; my $post_data = <STDIN>; } # [snip]

BTW, that local $/ is not needed because mp1 implements READLINE as:


#shouldn't use <STDIN> anyhow, but we'll be nice
sub READLINE {
    my $r = shift;
    my $line;
    $r->read($line, $r->header_in('Content-length'));
    $line;
}

It's a good practice to keep it though and not rely on the particular implementation.

The above technique is a wide open invitation for DoS attacks...


I'm not sure that the technique bears full responsibility for any
DoS risk, but even so I don't think I implied that my one line of code reduced the need for vigilance... :)

Sure, I wasn't attributing anything to your code Ged, just extending on the topic, for those unaware. Most users use CGI.pm and Apache::Request which give you the tools to deal with DoS. So this is just for those who do it on their own.


In fact as you can see above Apache's READLINE is DoS-prone (since it reads the whole C-L).


__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com


--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
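For those reading the body by hand, as the thread describes, here is an added example (not code from the thread or from mod_perl itself) of the check that CGI.pm's $CGI::POST_MAX performs: refuse a declared Content-Length above a cap before reading a byte, then read in bounded chunks and stop cleanly if the client sends fewer bytes than it declared. The 1 MiB cap, the chunk size and the in-memory handle are assumptions for the demo.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Upper bound on the request body we are willing to buffer (assumption: 1 MiB).
my $MAX_POST = 1024 * 1024;

# Read at most $limit bytes of a request body from $fh, trusting neither the
# client's Content-Length nor its willingness to actually send that many bytes.
# Returns ($body) on success, or (undef, $reason) on rejection.
sub read_body_bounded {
    my ($fh, $content_length, $limit) = @_;

    # Reject before reading anything: a declared length above the limit is
    # the cheapest possible refusal, and costs no memory at all.
    return (undef, 'missing or non-numeric Content-Length')
        unless defined $content_length && $content_length =~ /^\d+$/;
    return (undef, "Content-Length $content_length exceeds limit $limit")
        if $content_length > $limit;

    my $body      = '';
    my $remaining = $content_length;
    while ($remaining > 0) {
        my $chunk = $remaining < 8192 ? $remaining : 8192;
        # OFFSET = length $body appends each chunk instead of overwriting.
        my $n = read($fh, $body, $chunk, length $body);
        return (undef, "read error: $!") unless defined $n;
        last if $n == 0;    # client closed early; do not spin waiting for more
        $remaining -= $n;
    }
    return (undef, "short body: got @{[length $body]} of $content_length bytes")
        if $remaining > 0;
    return ($body);
}

# Constructed demo: an in-memory handle stands in for STDIN / $r->read.
open my $in, '<', \"field=value&x=1" or die "open: $!";
my ($body, $err) = read_body_bounded($in, 15, $MAX_POST);
print defined $body ? "accepted: $body\n" : "rejected: $err\n";

# A client declaring a 10 GB body is turned away without reading anything.
my ($b2, $e2) = read_body_bounded(\*STDIN, 10_000_000_000, $MAX_POST);
print defined $b2 ? "accepted\n" : "rejected: $e2\n";
```

Under mp1 the same cap belongs in front of $r->read, since READLINE as quoted above hands the whole Content-Length straight to read().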


