Comment #6 on issue 669 by d.vas...@gmail.com: Disabling backward
compatibility for some messages only
https://code.google.com/p/protobuf/issues/detail?id=669
4KB is too little, it will break forward compatibility in most cases.
People prefer binary encoding like Google Protocol Buffers as the data on
the wire is bigger in size. I believe that there might be some genuine cases
where we need to set a high message limit, say 30Mb. If an attacker sends a
message with 1kb required field & 28MB optional fields, then the parser
would successfully unpack the data. After that, the application would keep
the message in memory for further processing. If these messages get
accumulated, after a while the system memory fills up, causing DoS. Setting a
message limit actually reduces these attacks. A better option would be to
avoid optional fields for some messages.