On 3 Dec 2003 at 14:26, Stas Bekman wrote:
Hi Stas and Ged
Many thanks for your great support!
READLINE works perfectly!
regards,
Josi Ender
> Ged Haywood wrote:
> > Hi Stas,
> >
> > On Wed, 3 Dec 2003, Stas Bekman wrote:
> >
> >
> >>{ local $/; my $post_data = <STDIN>; } # [snip]
>
> BTW, that local $/ is not needed because mp1 implements READLINE as:
>
> # shouldn't use <STDIN> anyhow, but we'll be nice
> sub READLINE {
>     my $r = shift;
>     my $line;
>     $r->read($line, $r->header_in('Content-length'));
>     $line;
> }
>
> It's a good practice to keep it though and not rely on the particular
> implementation.
>
> >>The above technique is a wide open invitation for DoS attacks...
> >
> >
> > I'm not sure that the technique bears full responsibility for any
> > DoS risk, but even so I don't think I implied that my one line of code
> > reduced the need for vigilance... :)
>
> Sure, I wasn't attributing anything to your code Ged, just extending on the
> topic, for those unaware. Most users use CGI.pm and Apache::Request which give
> you the tools to deal with DoS. So this is just for those who do it on their own.
>
> In fact as you can see above Apache's READLINE is DoS-prone (since it reads
> the whole C-L).
>
>
> __________________________________________________________________
> Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
> http://stason.org/ mod_perl Guide ---> http://perl.apache.org
> mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
> http://modperlbook.org http://apache.org http://ticketmaster.com
>
--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
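
For readers who parse POST data themselves, as the thread discusses, here is one way to read the body without allocating whatever the client declares in Content-Length. This is an added example, not code from the thread or from mod_perl; `read_post_body`, `MAX_POST_BYTES` and the 64 KiB limit are hypothetical, and in-memory filehandles stand in for STDIN.

```perl
use strict;
use warnings;

# Hypothetical limit for this example; pick one that fits the application.
use constant MAX_POST_BYTES => 64 * 1024;

# Read a request body from $fh without trusting the client-supplied
# Content-Length. Returns the body, or dies with a short reason.
sub read_post_body {
    my ($fh, $content_length, $max) = @_;
    $max = MAX_POST_BYTES unless defined $max;

    # Reject absent, negative or non-numeric lengths before any read.
    die "missing or malformed Content-Length\n"
        unless defined $content_length && $content_length =~ /\A[0-9]+\z/;

    # Refuse oversized bodies up front instead of buffering them.
    die "request body too large\n" if $content_length > $max;

    my $body      = '';
    my $remaining = $content_length;
    while ($remaining > 0) {
        # Read in small chunks, appending at the current end of $body.
        my $want = $remaining < 8192 ? $remaining : 8192;
        my $got  = read($fh, $body, $want, length($body));
        die "read error: $!\n" unless defined $got;
        last if $got == 0;    # client sent fewer bytes than it declared
        $remaining -= $got;
    }
    die "body shorter than declared Content-Length\n" if $remaining > 0;
    return $body;
}

# Constructed sample input: [ body bytes, declared Content-Length ].
my @cases = (
    [ "a=1&b=2",     7       ],    # well-formed small form post
    [ "x" x 100_000, 100_000 ],    # larger than the cap
    [ "abc",         10      ],    # declares more than it sends
    [ "abc",         "-1"    ],    # malformed length
);

for my $case (@cases) {
    my ($data, $declared) = @$case;
    open my $fh, '<', \$data or die "cannot open in-memory handle: $!";
    my $body = eval { read_post_body($fh, $declared) };
    print defined $body ? "accepted: " . length($body) . " bytes\n"
                        : "rejected: $@";
}
```

In a handler, the caller would pass STDIN (or the request's read interface) and the Content-Length header value, and turn a rejection into an error response rather than processing the body.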