httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Bray <Tim.B...@Sun.COM>
Subject Frightened of ap_xml_parse_input
Date Wed, 23 May 2007 00:44:37 GMT
Gosh, this looks convenient.  Suppose someone malicious POSTS a  
jabber-style endless pipe?   Or suppose that as a matter of policy I  
simply don't want to accept something bigger than X, for some value  
of X.  Are there any throttles or memory caps or whatever?

I'm kind of surprised at mod_dav cheerfully pointing this at, well,  
whatever got pushed up the pipe.


View raw message