hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (HTTPCLIENT-581) Memory overflow protection for getResponseBody()
Date Fri, 02 Jun 2006 12:31:30 GMT
     [ http://issues.apache.org/jira/browse/HTTPCLIENT-581?page=all ]
     
Oleg Kalnichevski resolved HTTPCLIENT-581:
------------------------------------------

    Resolution: Won't Fix

Won't fix for the following reason: 

The use of HttpMethod#getResponseBody is strongly discouraged as of release 2.0.2. This method
will be completely removed in the release 4.0. It's broken, wrong and should have never been
there in the first place. Content processing is an application level aspect, not a transport
level one. Memory overflow risks in this particular instance must be addressed at the appropriate
level.

Oleg

> Memory overflow protection for getResponseBody()
> ------------------------------------------------
>
>          Key: HTTPCLIENT-581
>          URL: http://issues.apache.org/jira/browse/HTTPCLIENT-581
>      Project: Jakarta HttpClient
>         Type: Improvement

>   Components: HttpClient
>     Versions: 2.0.2, 3.0 Final, 3.0.1
>     Reporter: Wouter Zelle
>     Priority: Minor

>
> Currently we are using getResponseBodyAsString() in our production code, which calls
getResponseBody() . This method logs a warning since version 2.0.2 ("Going to buffer response
body of large or unknown size. Using getResponseBodyAsStream instead is recommended."). I
want to get rid of those warnings. The suggestion is to use getResponseAsStream for two reasons:
> 1. Performance
> 2. Memory overflow risks
> The first is a valid reason to change, but should not be mandated by a library IMO. It's
my call as an application developer to balance the risks against the rewards of refactoring
the code. The second reason is more important, but it can be handled by the getResponseBody
method itself. My suggestion is to add a new Http Method Param: "http.method.response.maximum.size".
Setting this parameter to a value in bytes should then:
> 1. Result in an exception if the received message is larger than the supplied size.
> 2. No longer warn the user to use getResponseBodyAsStream (by setting the max size, I've
also accepted the performance penalty of getResponseBodyAsString()).
> Another alternative to get rid of the warning is to create a custom implementation of
getResponseBodyAsString(), which was suggested to someone else by a HttpClient developer:
> http://mail-archives.apache.org/mod_mbox/jakarta-httpclient-user/200411.mbox/%3c1101592381.3308.26.camel@localhost.localdomain%3e
> I consider this unacceptable because:
> 1. I don't want to maintain this code.
> 2. The suggested code in no way resolves the memory overflow issue, so I consider it
a hack to get rid of the warning.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


Mime
View raw message