From: Mark Hahn
Date: Thu, 6 Sep 2012 12:31:06 -0700
Subject: Re: Limiting doc size to prevent malicious use
To: user@couchdb.apache.org

I am. I couldn't live without nginx. (And node and couchdb).

On Thu, Sep 6, 2012 at 12:27 PM, Dave Cottlehuber wrote:

> On 6 September 2012 20:50, Robert Newson wrote:
> > function(doc) {
> >   if (JSON.stringify(doc).length > limit) {
> >     throw({forbidden : "doc too big"});
> >   }
> > }
> >
> > With the caveat that this is inefficient and horrible.
> >
> > B.
>
> And from a network-based (D)DOS, the damage is already done because it
> was sent & parsed muahahaha. But at least you'll not be storing that
> in the DB.
>
> Is anybody using nginx or apache to enforce a hard limit? e.g.
> http://wiki.nginx.org/HttpCoreModule#client_max_body_size
>
> A+
> Dave
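
An added example, not code from this thread: a complete validate_doc_update function along the lines of the sketch quoted above, counting UTF-8 bytes instead of string length. MAX_DOC_BYTES, utf8Length, validateDocSize and check are assumed names, and the 64 KiB limit is an assumed value.

```javascript
// Added example: CouchDB validate_doc_update handler enforcing a size cap.
// MAX_DOC_BYTES is an assumed limit; choose one that fits your data.
var MAX_DOC_BYTES = 64 * 1024;

// UTF-8 byte length of a JS string, computed by hand so it does not depend
// on TextEncoder or Buffer. String.length counts UTF-16 code units, which
// under-counts non-ASCII text by up to 3x.
function utf8Length(s) {
  var bytes = 0;
  for (var i = 0; i < s.length; i++) {
    var c = s.charCodeAt(i);
    if (c < 0x80) bytes += 1;
    else if (c < 0x800) bytes += 2;
    else if (c >= 0xD800 && c <= 0xDBFF && i + 1 < s.length &&
             (s.charCodeAt(i + 1) & 0xFC00) === 0xDC00) {
      bytes += 4;   // valid surrogate pair: one 4-byte code point
      i++;
    } else bytes += 3;
  }
  return bytes;
}

// Same signature CouchDB passes to validate_doc_update functions.
function validateDocSize(newDoc, oldDoc, userCtx) {
  if (newDoc._deleted) return;   // design choice: never block deletions
  var size = utf8Length(JSON.stringify(newDoc));
  if (size > MAX_DOC_BYTES) {
    throw({forbidden: "doc too big: " + size + " > " + MAX_DOC_BYTES + " bytes"});
  }
}

// Local harness for constructed documents: returns "ok" or the rejection reason.
function check(doc) {
  try {
    validateDocSize(doc, null, {name: null, roles: []});
    return "ok";
  } catch (e) {
    return e.forbidden;
  }
}
```

As the thread points out, this check runs only after the body has been sent and parsed, so it keeps oversized documents out of the database but does not replace a proxy-level limit such as nginx's client_max_body_size.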