mina-dev mailing list archives

From "Trustin Lee" <trus...@gmail.com>
Subject Re: [1.0] Three questions concerning object serialization and MINA
Date Thu, 07 Dec 2006 10:06:48 GMT
Hi Sven,

On 12/7/06, Sven Panko <Sven.Panko@proximity.de> wrote:
>
> > > My last question concerns the different default max object sizes in the
> > > en- and decoder implementations - is there a reason why the encoder may
> > > encode objects up to Integer.MAX_VALUE, but the decoder refuses anything
> > > above 1MB? Are you aware of some known issues concerning memory
> > > consumption if I set the max object size of the decoder to
> > > Integer.MAX_VALUE as well?
> >
> >
> > I thought decoder should be more restrictive in receiving a big object
> > because of the risk of DoS attack.  That's all.  If there's consensus on
> > changing the default value, we can change it, too.  :)
>
> Ok, just what I thought. The default value is fine - I think a short note
> in the JavaDoc stating that the max object size in decoder is set to a
> lower value because of possible DoS attacks would be nice. The reason that
> this doesn't affect me directly at the object serialization level is
> because of the fact I use SSL with client certs and the SSL filter
> prevents connections with invalid certs prior to a possible DoS attack (or
> am I mistaken?).


You are right.  We need to update the documentation.

Trustin
-- 
what we call human nature is actually human habit
--
http://gleamynode.net/
--
PGP key fingerprints:
* E167 E6AF E73A CBCE EE41  4A29 544D DE48 FE95 4E7E
* B693 628E 6047 4F8F CFA4  455E 1C62 A7DC 0255 ECA6
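
Added example, not part of the original message and not MINA's own code: a plain-JDK decoder showing why the receiving side caps the declared object size (1 MB, the default named in the thread) before allocating. The 4-byte big-endian length prefix and the class name BoundedFrameDecoder are assumptions made for illustration.

```java
import java.io.*;

public class BoundedFrameDecoder {
    // 1 MB, the decoder default mentioned in the thread.
    static final int DEFAULT_MAX_OBJECT_SIZE = 1024 * 1024;
    private final int maxObjectSize;

    BoundedFrameDecoder(int maxObjectSize) {
        if (maxObjectSize <= 0) {
            throw new IllegalArgumentException("maxObjectSize: " + maxObjectSize);
        }
        this.maxObjectSize = maxObjectSize;
    }

    // Reads one frame: 4-byte length, then that many payload bytes (assumed framing).
    byte[] readFrame(DataInputStream in) throws IOException {
        int declared = in.readInt();
        // The length is peer-controlled: validate it BEFORE allocating a buffer.
        // Without this check a 4-byte header could request a ~2 GB array.
        if (declared <= 0 || declared > maxObjectSize) {
            throw new IOException("declared length " + declared
                    + " outside 1.." + maxObjectSize);
        }
        byte[] payload = new byte[declared];
        in.readFully(payload); // EOFException if fewer bytes arrive than declared
        return payload;
    }

    static DataInputStream stream(ByteArrayOutputStream b) {
        return new DataInputStream(new ByteArrayInputStream(b.toByteArray()));
    }

    public static void main(String[] args) throws IOException {
        BoundedFrameDecoder decoder = new BoundedFrameDecoder(DEFAULT_MAX_OBJECT_SIZE);

        // Constructed sample 1: a well-formed 5-byte frame.
        ByteArrayOutputStream ok = new ByteArrayOutputStream();
        DataOutputStream okOut = new DataOutputStream(ok);
        okOut.writeInt(5);
        okOut.write(new byte[] {1, 2, 3, 4, 5});
        System.out.println("accepted " + decoder.readFrame(stream(ok)).length + " bytes");

        // Constructed sample 2: a header claiming Integer.MAX_VALUE with no payload.
        ByteArrayOutputStream huge = new ByteArrayOutputStream();
        new DataOutputStream(huge).writeInt(Integer.MAX_VALUE);
        try {
            decoder.readFrame(stream(huge));
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```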
