httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@kiwi.ics.uci.edu>
Subject Re: cvs commit: apache-1.3/src/main http_config.c http_core.c http_protocol.c
Date Mon, 10 Aug 1998 21:40:27 GMT
>>   Fixed request limit change to be more portable.  Removed the server_rec
>>   variables since compile-time control of the request-line, fieldsize, and
>>   number of fields is sufficient.
>
>No time to really comment in detail, but I disagree with the above in
>principle.  We getting a *lot* of people using prepackaged binaries
>(RedHat, FreeBSD, ...), and making them recompile seems unfriendly.
>I'd much rather see run-time directives available for these.

We just had this discussion yesterday, and now everybody changes
their minds?

It doesn't make sense to allow people not compiling the server to
change values that they need an understanding of the protocol and
source code just to get right.  There is really no advantage to
allowing a person to artificially shrink those values, and I am far
too paranoid to allow them to fool with actual input buffer sizes.
So -1 on that idea for the request-line and fieldsize limits.

If you really want a configurable limit for number of fields,
go ahead.  It has to be a per-server config since it is used
before virtual-host/directory/location walks occur.

....Roy

Mime
View raw message