[
https://issues.apache.org/jira/browse/SLING-2320?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jeff Young updated SLING-2320:
------------------------------
Description:
A request of resource.1.json should always succeed, as it's the primary method
for JSON introspection of the repository hierarchy. DOS protection should only
apply to "deep" traversals; that is, anything with a depth greater than 1 (and,
in particular, resource.infinity.json).
For a fuller discussion, see:
http://www.mail-archive.com/dev@sling.apache.org/msg13961.html.
was:A request of resource.1.json should always succeed, as it's the primary
method for JSON introspection of the repository hierarchy. DOS protection
should only apply to "deep" traversals; that is, anything with a depth greater
than 1 (and, in particular, resource.infinity.json).
> Current DOS-prevention for infinity.json can prevent enumeration of children
> ----------------------------------------------------------------------------
>
> Key: SLING-2320
> URL: https://issues.apache.org/jira/browse/SLING-2320
> Project: Sling
> Issue Type: Bug
> Components: Servlets
> Affects Versions: Servlets Get 2.1.0
> Reporter: Jeff Young
> Labels: newbie, patch
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> A request of resource.1.json should always succeed, as it's the primary
> method for JSON introspection of the repository hierarchy. DOS protection
> should only apply to "deep" traversals; that is, anything with a depth
> greater than 1 (and, in particular, resource.infinity.json).
> For a fuller discussion, see:
> http://www.mail-archive.com/dev@sling.apache.org/msg13961.html.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
