Hey everyone, i would like to use protobuf for a publicly accessible application. As the general rule is to never trust the client, how can I make sure they(aka bad people) don't send a lot of "wrong" strings with maximum length (2^32) but no actual string data following to spam the server? If I am right, the server will then try to allocate the required length(up to 2 GB) for the string and then fails to read it, leading to a huge impact on performance, maybe even the application running out of memory. It would be nice to be able to specify a max-length for strings, byte streams and lists in the .proto file in order to avoid such problems. Or isn't this a problem at all? Why?
Thank you very much, Moritz -- You received this message because you are subscribed to the Google Groups "Protocol Buffers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/protobuf/b678da91-ae13-426e-a186-bea9a290ffd8%40googlegroups.com.
