tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Maurizio Lotauro" <>
Subject Re: Authentication behaviour
Date Fri, 10 Oct 2008 14:57:33 GMT
On 9 Oct 2008 at 14:16, Christopher Schultz wrote:

> Maurizio,


> Maurizio Lotauro wrote:
> > On 6 Oct 2008 at 14:58, Christopher Schultz wrote:


> If you are writing network code, you need to handle disconnects at
> any time.

This is handled, but in that case there is no need to send the rest of request.

> >> That's a reasonable interpretation of the spec, but obviously
> not
> >> a practical one.
> > 
> > Even omitting "and interpreting"?
> Sure. The server can interpret part of the request and respond
> whenever
> it wants. Here's another good example: some servers have a
> file-size
> upload limit. If the server were required to process the entire
> file
> upload before rejecting it (based upon the Content-Length header),
> attacks would be trivial to mount against any web server.

This is a good point. But I suppose that in this case the server also close the connection,

otherwise it would be useless.
In our case the connection is keep alive.

BTW what is the status code in that case?


> I think my file upload example is a compelling one.

If the connection is closed by the server then it is a different situation.

Bye, Maurizio.

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message