Comment #4 on issue 669 by oliver.j...@gmail.com: Disabling backward
compatibility for some messages only
https://code.google.com/p/protobuf/issues/detail?id=669
Can you explain how the DoS attack would work with a message limit of, say,
4kB?
--
You received this message because this
Comment #5 on issue 669 by d.vas...@gmail.com: Disabling backward
compatibility for some messages only
https://code.google.com/p/protobuf/issues/detail?id=669
Setting a message limit actually reduces these attacks. 4KB is too little,
it will break forward compatibility in most cases.
Comment #6 on issue 669 by d.vas...@gmail.com: Disabling backward
compatibility for some messages only
https://code.google.com/p/protobuf/issues/detail?id=669
4KB is too little, it will break forward compatibility in most cases.
People prefer binary encoding like google protocol buffer as
Comment #7 on issue 669 by oliver.j...@gmail.com: Disabling backward
compatibility for some messages only
https://code.google.com/p/protobuf/issues/detail?id=669
If you require a 30MB limit for correct operation, with no optional fields,
and you retain this data, why can't an attacker send
Comment #1 on issue 669 by oliver.j...@gmail.com: Disabling backward
compatibility for some messages only
https://code.google.com/p/protobuf/issues/detail?id=669
Why are you accepting gigabytes of data from an unauthenticated user in the
first place? If you are allowing that, there are
Comment #2 on issue 669 by d.vas...@gmail.com: Disabling backward
compatibility for some messages only
https://code.google.com/p/protobuf/issues/detail?id=669
We can always use message limits to drop messages which are larger in size.
Its better we have a explicit way to disable optional
Comment #3 on issue 669 by d.vas...@gmail.com: Disabling backward
compatibility for some messages only
https://code.google.com/p/protobuf/issues/detail?id=669
We can always use message limits to drop messages which are larger in size.
Its better we have a explicit way to disable optional