tomcat-users mailing list archives

From Jess Holle <je...@ptc.com>
Subject Re: Form Authentication POST data not preserved?
Date Sun, 05 Feb 2012 18:37:57 GMT
On 2/5/2012 12:22 PM, Konstantin Kolinko wrote:
> 2012/2/5 Jess Holle <jessh@ptc.com>:
>> Also it strikes me that maxSavePostSize should really be backed up by a use
>> of a SoftReference in SavedRequest.
>>
>> This would allow one to allow relatively large POST bodies to be saved
>> unless/until this threatened to consume the JVM's overall memory resources,
>> at which point the POST bodies could be dropped.
>>
>> As it stands now one has to choose between vicious treatment of large POST
>> bodies (i.e. dropping all the user's data) and opening oneself wide open to
>> quick and easy (and possibly accidental) DOS attacks.
>>
> Interesting idea. I think it is worth filing an enhancement request.
> Though I see the following caveat:
>
> Using SoftReference here will lead to non-deterministic behaviour. I
> wonder whether admins will be puzzled by this feature.  Though this
> can be solved by logging an INFO message wrapped by
> org.apache.juli.logging.UserDataHelper.
Yeah, there is the element of uncertainty as to how strongly a 
SoftReference really holds on to its data, etc.

This would be nice "opt in" behavior if nothing else.

--
Jess Holle
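
The SoftReference idea discussed in this thread, as an added example that is not part of the original message and is not Tomcat's own code. SoftSavedBody, hardLimit and restore() are hypothetical names, hardLimit is an assumed analogue of maxSavePostSize, and java.util.logging stands in for the UserDataHelper-wrapped INFO message mentioned above.

```java
import java.lang.ref.SoftReference;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import java.util.logging.Logger;

// Hypothetical holder, not Tomcat's SavedRequest: keeps a saved POST body
// only as long as the JVM is not under memory pressure.
public class SoftSavedBody {
    private static final Logger LOG = Logger.getLogger(SoftSavedBody.class.getName());

    private final int length;                    // remembered even after the body is gone
    private final SoftReference<byte[]> bodyRef; // null when the body was never saved

    // hardLimit is an absolute per-request cap (assumed analogue of maxSavePostSize):
    // bodies above it are refused outright, bodies at or below it are held softly.
    public SoftSavedBody(byte[] body, int hardLimit) {
        this.length = body.length;
        // Clone so that no strong reference held by the caller keeps the copy alive.
        this.bodyRef = (body.length <= hardLimit) ? new SoftReference<>(body.clone()) : null;
    }

    // An empty result means the caller must fall back to "POST data lost" handling.
    public Optional<byte[]> restore() {
        if (bodyRef == null) {
            LOG.info("POST body of " + length + " bytes exceeded the hard limit and was not saved");
            return Optional.empty();
        }
        byte[] body = bodyRef.get();   // null once the collector has cleared the reference
        if (body == null) {
            LOG.info("Saved POST body of " + length + " bytes was dropped under memory pressure");
            return Optional.empty();
        }
        return Optional.of(body);
    }

    public static void main(String[] args) {
        // Constructed sample form data.
        byte[] form = "comment=constructed+sample+form+data".getBytes(StandardCharsets.UTF_8);
        SoftSavedBody kept = new SoftSavedBody(form, 4096);
        SoftSavedBody refused = new SoftSavedBody(form, 8);
        System.out.println("kept present: " + kept.restore().isPresent());
        System.out.println("refused present: " + refused.restore().isPresent());
    }
}
```

The JVM guarantees that softly reachable objects are cleared before it throws OutOfMemoryError, but when it clears them earlier than that is up to the collector, which is the non-determinism raised in the reply above.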

