tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Remy Maucherat <r...@apache.org>
Subject Re: cvs commit: jakarta-tomcat-catalina/webapps/docs changelog.xml
Date Thu, 12 May 2005 12:28:30 GMT
Tim Funk wrote:
> Would it be worthwhile to use a new property?
> 
> maxSavePostSize - The max size of a post to save. 0 for unlimited, -1 to 
> disable saving post.
> 
> Of course this doesn't mitigate a malicious person issuing many POSTS 
> under the configured threshold.

I think I disagree. Even if you are not trying to do a DoS, it is very 
easy to do it non intentionally if you save any post data (file upload).

We'd need to restrict saved POST size severely, as well as restrict more 
by default any form POST data.

Rémy

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message