> > Tavin informs me that ignoring metadata opens up a DoS attack -- insert > megabytes of bogus metadata, and the file will be forever tied to it. > Setting a limit for metadata size is an option. > > It's probably best to simply disallow it, IMHO. I'm in favor of this. Disallow CHK metadata (or at least strongly mandate that to client authors and in any libraries we make). CHK's are almost always referred to from a redirect, so place the metadata in that redirect. Does the standard allow for this?
-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20010402/e3a2e807/attachment.pgp>
