couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Newson <rnew...@apache.org>
Subject Re: Limiting doc size to prevent malicious use
Date Thu, 06 Sep 2012 18:50:40 GMT
function(doc) {
  if (JSON.stringify(doc).length > limit) {
    throw({forbidden : "doc too big"
  }
}

With the caveat that this is inefficient and horrible.

B.

On 6 Sep 2012, at 18:50, Wordit wrote:

> On Thu, Sep 6, 2012 at 7:35 PM, Robert Newson <rnewson@apache.org> wrote:
>> 
>> validate_doc_update is your only other option. It won't stop the attempt, though,
but at least you can reject the write itself.
> 
> Thanks, I've been wondering how to achieve this. I can test the size
> of each field, but a malicious user can create a new field to dump the
> data in, right?
> 
> A require function assures certain fields exist, but can you limit the
> fields to specific names? That way, you know which fields to check the
> string lengths of.
> 
> Thanks,
> 
> Marcus


Mime
View raw message