incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Hahn <m...@hahnca.com>
Subject Re: Limiting doc size to prevent malicious use
Date Thu, 06 Sep 2012 19:31:06 GMT
I am.  I couldn't live without nginx.  (And node and couchdb).

On Thu, Sep 6, 2012 at 12:27 PM, Dave Cottlehuber <dch@jsonified.com> wrote:

> On 6 September 2012 20:50, Robert Newson <rnewson@apache.org> wrote:
> > function(doc) {
> >   if (JSON.stringify(doc).length > limit) {
> >     throw({forbidden : "doc too big"
> >   }
> > }
> >
> > With the caveat that this is inefficient and horrible.
> >
> > B.
>
> And from a network-based (D)DOS, the damage is already done because it
> was sent & parsed muahahaha. But at least you'll not be storing that
> in the DB.
>
> Has anybody using nginx or apache to enforce a hard limit? e.g.
> http://wiki.nginx.org/HttpCoreModule#client_max_body_size
>
> A+
> Dave
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message