On Mar 6, 2013, at 7:38 AM, "Poul-Henning Kamp" <[email protected]> wrote:
> In message <[email protected]>, Nils Goroll writes: > >> IIUC to exploit any of these one would need access to a backend or at least >> some >> way to make a backend produce certain response headers. > > They contacted me up front, I told them we don't consider it a security > problem, because Varnish has to trust the backend being sensible. > > We'd be just as hosed if the backend started sending only 1TB objects. > > -- Thank you for that very pragmatic and mature view of the world. Cheers Artur For the sarcasm deficient people out there, this email contains 1000% sarcasm. _______________________________________________ varnish-dev mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-dev
