httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <>
Subject Re: cvs commit: apache-1.3/src/main http_config.c http_core.c http_protocol.c
Date Mon, 10 Aug 1998 22:20:10 GMT
On Mon, 10 Aug 1998, Roy T. Fielding wrote:

> We just had this discussion yesterday, and now everybody changes
> their minds?

I don't recall discussing this.  I certainly never said anything either
way about run-time configurable limits.

> It doesn't make sense to allow people not compiling the server to
> change values that they need an understanding of the protocol and
> source code just to get right.  There is really no advantage to
> allowing a person to artificially shrink those values, and I am far
> too paranoid to allow them to fool with actual input buffer sizes.
> So -1 on that idea for the request-line and fieldsize limits.

-1 on your limit patch then, as it removes functionality from the server
and does not provide an alternative workaround that is compatible with
predistributed binaries.

I would be +1 on run-time configurable directives that have a minimum

> If you really want a configurable limit for number of fields,
> go ahead.  It has to be a per-server config since it is used
> before virtual-host/directory/location walks occur.



View raw message