httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: ftp glob/limits?
Date Tue, 15 May 2007 12:45:27 GMT
On May 14, 2007, at 4:18 PM, William A. Rowe, Jr. wrote:

> What would folks think about changing
>
>     if (ap_strchr_c(arg, '*') != NULL) {
>         /* Prevent DOS attacks, only allow one segment to have a  
> wildcard */
>         int found = 0;           /* The number of segments with a  
> wildcard */
>
> to permit multiple wildcards, but to restrict the number of matches
> returned (configurable with a directive, of course)?
>
> Over a small pattern space, uploads/*/* is often very useful.
>
> What would be the sane default?  1,000 entries?
>

In my mind, that's the problem. If you allow multiple wildcards
then you shouldn't limit the returned entries, because how
does the client have any idea that you've done so...
In other words, how does it know that foo.java doesn't
exist because it really doesn't exist or rather it
would have been the 1001st entry :)

Mime
View raw message