TomazM wrote:
> Jochen Wiedmann wrote:
>> On Thu, Jul 17, 2008 at 10:54 AM, tomaz <[EMAIL PROTECTED]> wrote:
>>
>>> Is there the way of any other type of Authentication in 3.1.x, to pass the
>>> Kerberos ticket
>> Could be done by sending a cookie.
>>
>> Jochen
>>
> On http://ws.apache.org/xmlrpc/advanced.html write "Note, that this means
> losing the XmlRpcClients multithreading abilities!" so this is not a good
> solution. I wonder why is the limitation in HTTP header, in HTTP RFC there is
> no limits of how long is message(maybe attacker will put 2G in header).
>
> Is there any example or documentation(not API) how you read this cookie on
> server side?.
>
> TomazM
>
>
Is in xmlrpc 3.1 specification any limitation of HTTP Headers?
SEVERE: HTTP Header too long
java.io.IOException: HTTP Header too long
at org.apache.xmlrpc.util.HttpUtil.readLine(HttpUtil.java:138)
