Comment #6 on issue 669 by [email protected]: Disabling backward
compatibility for some messages only
https://code.google.com/p/protobuf/issues/detail?id=669
4KB is too little; it will break forward compatibility in most cases.
People prefer binary encoding like Google Protocol Buffers as the data on
the wire is bigger in size. I believe that there might be some genuine cases
where we need to set a high message limit, say 30Mb. If an attacker sends a
message with a 1kb required field & 28MB optional fields then the parser
would successfully unpack the data. After that the application would keep
the message in memory for further processing. If these messages get
accumulated, after a while the system memory fills up, causing DoS. Setting a
message limit actually reduces these attacks. A better option would be to
avoid optional fields for some messages.
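
Added example, not part of the original comment and not protobuf project code: a pre-parse admission check that walks the protobuf wire format, applies a total size limit, and caps the bytes spent on fields the endpoint does not expect. The function names, field numbers and limits are assumptions chosen for illustration.

```python
# Added example; field numbers and limits are assumptions, not from the thread.

def read_varint(buf, pos):
    """Decode a base-128 varint at pos; return (value, next_pos)."""
    value = shift = 0
    while True:
        if pos >= len(buf) or shift > 63:
            raise ValueError("truncated or oversized varint")
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

FIXED = {1: 8, 5: 4}  # wire type -> payload bytes (fixed64, fixed32)
def field_sizes(buf):
    """Yield (field_number, encoded_size) for each top-level field."""
    pos = 0
    while pos < len(buf):
        start = pos
        key, pos = read_varint(buf, pos)
        number, wire_type = key >> 3, key & 7
        if wire_type == 0:                      # varint payload
            _, pos = read_varint(buf, pos)
        elif wire_type == 2:                    # length-delimited payload
            length, pos = read_varint(buf, pos)
            pos += length
        elif wire_type in FIXED:
            pos += FIXED[wire_type]
        else:                                   # groups (3, 4) and invalid types
            raise ValueError("unsupported wire type %d" % wire_type)
        if pos > len(buf):
            raise ValueError("field runs past end of message")
        yield number, pos - start

def admit(buf, expected, max_total, max_other):
    # Returns (True, "ok") or (False, reason) before the real parser runs.
    if len(buf) > max_total:
        return False, "message over total limit"
    try:
        other = sum(size for number, size in field_sizes(buf) if number not in expected)
    except ValueError as exc:
        return False, str(exc)
    if other > max_other:
        return False, "unexpected-field budget exceeded"
    return True, "ok"

# Constructed sample: field 1 = 4-byte string, field 15 = 64-byte blob.
SAMPLE = b"\x0a\x04abcd" + b"\x7a\x40" + b"\x00" * 64
```

With the constructed sample, an endpoint that expects only field 1 and allows 32 bytes of other fields rejects the message, while the same message passes when field 15 is also expected.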