geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jack Cai (JIRA)" <>
Subject [jira] Commented: (GERONIMO-4874) Improve the console filter performance
Date Sun, 20 Sep 2009 08:37:16 GMT


Jack Cai commented on GERONIMO-4874:

Thanks for the comments!

Currently there are two types of "broken" that need to be taken care of:

1. If the outputstream is used when writting out the page, need to take care of the case where
the bytes of one charactor is written in multiple batches
2. Need to take care of the case where the keyword (i.e. &lt;/body&gt;) is written
in multiple batches, just as Jarek described

Both cases are currently handled using NIO buffers. 

For 1, I will decode as much bytes as possible into characters and buffer the incomplete bytes
for the next decoding/scanning operation. See the code of SubstituteResponseOutputStream.decodeBuffer().
For 2, I will push back the last 6 characters back to the buffer for the next scanning operation.
See the code of SubstituteUtil.processSubstitute().

Hope this explains.

> Improve the console filter performance
> --------------------------------------
>                 Key: GERONIMO-4874
>                 URL:
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: console
>    Affects Versions: 2.1.4, 2.1.5, 2.2, 3.0
>         Environment: All
>            Reporter: Jack Cai
>            Priority: Minor
>         Attachments: GERONIMO-4874.patch, GERONIMO-4874_0918.patch
> Current console filter for blocking XSRF attack does not scale well as it need to read
all the output into a string and then do some text replacement. This will use a lot of memory
in extreme cases. See the discussion [1].
> [1]

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message