To: new-httpd@apache.org
Subject: Re: cvs commit: apache-1.3/src/main http_config.c http_core.c http_protocol.c
In-reply-to: Your message of "Mon, 10 Aug 1998 08:31:46 EDT." <35CEE832.5F63111F@Golux.Com>
Date: Mon, 10 Aug 1998 14:40:27 -0700
From: "Roy T. Fielding"
Message-ID: <9808101440.aa11049@paris.ics.uci.edu>

>> Fixed request limit change to be more portable. Removed the server_rec
>> variables since compile-time control of the request-line, fieldsize, and
>> number of fields is sufficient.
>
>No time to really comment in detail, but I disagree with the above in
>principle. We're getting a *lot* of people using prepackaged binaries
>(RedHat, FreeBSD, ...), and making them recompile seems unfriendly.
>I'd much rather see run-time directives available for these.

We just had this discussion yesterday, and now everybody changes their
minds?

It doesn't make sense to allow people not compiling the server to
change values that they need an understanding of the protocol and source
code just to get right. There is really no advantage to allowing a person
to artificially shrink those values, and I am far too paranoid to allow
them to fool with actual input buffer sizes. So -1 on that idea for the
request-line and fieldsize limits.

If you really want a configurable limit for number of fields, go ahead.
It has to be a per-server config since it is used before
virtual-host/directory/location walks occur.

....Roy