Hi Jeff,
I'm not sure why you can't just increase the limit if you run into
this problem, but I am not opposed to making this change on principle.

I'm very intrigued by the idea of a PostProcessor which limits the
number of nodes at a particular point in the hierarchy, but that's not
going to be 100% effective as Sling doesn't "own" the repository per
se.

Justin

On Thu, Dec 1, 2011 at 4:26 PM, Jeff Young <j...@adobe.com> wrote:
> The intent behind the limitation seems sound, but the implementation has (to 
> my mind) a slight flaw.
>
> A legitimate client which needs the information could presumably implement 
> its own traversal to descend the tree.  But this only works if the json 
> servlet is always allowed to return at least a depth of 1.  The current 
> implementation limits the depth to 0 if the node in question has more than 
> the limit number of children.
>
> I was discussing this with Alex, who pointed out that the intent was to be 
> defensive.  However, if we really want to limit the *number of children* a 
> node can have, then we ought to do that elsewhere.  Given that a node *does* 
> have a certain number of children, the json servlet needs to at least support 
> the enumeration of said children.
>
> So I'd like to propose that we amend the DOS-protection-algorithm to stop at 
> 1, rather than 0.
>
> Thoughts?
>
> Thanks,
> Jeff.
>
> (PS: apologies if this gets sent out twice, but I think ezmlm ate the first 
> posting because I hadn't yet confirmed my subscription so I'm re-sending.)
>
>
>
> Jeff Young | Principal Scientist | Adobe Distinguished Inventor
> Adobe Systems Software Ireland Ltd.
> Registered Office: 4-6 Riverwalk, Citywest Business Campus,
> Saggart, Dublin 24, Ireland   Company No. 344992
> Please consider your environmental responsibility before printing this 
> e-mail.
>
>
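
The depth-limiting behaviour discussed in this thread, as an added sketch that is not Sling's own code and not taken from either message: it models a node-count limit that lowers the rendered depth, with a configurable floor so the current behaviour (floor 0) and the proposed one (floor 1) can be compared. The `Node` class, `allowedDepth`, the limit of 200 and the 500-child sample tree are all assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

public class DepthLimitSketch {
    /** Minimal stand-in for a repository node (hypothetical; not a Sling or JCR type). */
    static final class Node {
        final List<Node> children = new ArrayList<>();
        Node add(Node child) { children.add(child); return this; }
    }

    /**
     * Walks the tree level by level and returns the deepest level, up to
     * requestedDepth, that can be rendered without exceeding maxNodes.
     * The result never drops below minDepth when a cut is made:
     * 0 models the behaviour described in the thread, 1 the proposed amendment.
     */
    static int allowedDepth(Node root, int requestedDepth, int maxNodes, int minDepth) {
        List<Node> level = List.of(root);
        int total = 1; // the requested node itself
        for (int depth = 1; depth <= requestedDepth; depth++) {
            List<Node> next = new ArrayList<>();
            for (Node n : level) {
                total += n.children.size();
                // Stop counting as soon as the budget is exceeded, before
                // copying a very large child list into memory.
                if (total > maxNodes) return Math.max(depth - 1, minDepth);
                next.addAll(n.children);
            }
            if (next.isEmpty()) break; // tree is shallower than requested
            level = next;
        }
        return requestedDepth;
    }

    public static void main(String[] args) {
        // Constructed sample: one node with 500 direct children.
        Node wide = new Node();
        for (int i = 0; i < 500; i++) wide.add(new Node());
        int limit = 200; // assumed limit value, not a Sling default

        // Floor 0: the wide node can only be rendered without its children.
        System.out.println("floor 0 -> depth " + allowedDepth(wide, 3, limit, 0));
        // Floor 1: a client can still enumerate the children and descend itself.
        System.out.println("floor 1 -> depth " + allowedDepth(wide, 3, limit, 1));
    }
}
```

With a floor of 1 the size of a single response is bounded by the node's child count rather than by the limit, which is why capping the number of children would have to be enforced elsewhere.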
