tomcat-users mailing list archives

From André Warnier ...@ice-sa.com>
Subject Re: maxParameterCount not applied to multipart requests
Date Mon, 07 May 2012 21:10:50 GMT
Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Mark,
> 
> On 5/6/12 5:05 AM, Mark Thomas wrote:
>> On 05/05/2012 12:25, Kanatoko wrote:
>>> Hello list,
>>>
>>> It seems that the Connector attribute "maxParameterCount" is not
>>> applied to multipart requests.
>> Correct. This is by design.
> 
> Doesn't that make it trivial to launch a DOS on a server by simply
> using multipart/form-data?
> 
> Why not limit parameters for multipart messages?

Impish guess: because "by design" means that it is a lot harder to go dig into the code
borrowed from Commons/FileUpload and to modify it to find out and limit the number of
parameters?
(and probably a "patches welcome" to follow)

