incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Cottlehuber <...@jsonified.com>
Subject Re: Limiting doc size to prevent malicious use
Date Thu, 06 Sep 2012 19:27:50 GMT
On 6 September 2012 20:50, Robert Newson <rnewson@apache.org> wrote:
> function(doc) {
>   if (JSON.stringify(doc).length > limit) {
>     throw({forbidden : "doc too big"
>   }
> }
>
> With the caveat that this is inefficient and horrible.
>
> B.

And from a network-based (D)DOS, the damage is already done because it
was sent & parsed muahahaha. But at least you'll not be storing that
in the DB.

Has anybody using nginx or apache to enforce a hard limit? e.g.
http://wiki.nginx.org/HttpCoreModule#client_max_body_size

A+
Dave

Mime
View raw message