feature request: optional header limits to contain OOME risks
-------------------------------------------------------------
Key: HTTPCORE-4
URL: http://issues.apache.org/jira/browse/HTTPCORE-4
Project: Jakarta HttpCore
Type: New Feature
Components: HttpCore
Versions: 4.0-alpha1
Reporter: Gordon Mohr
It would be desirable to be able to specify limits in the parsing of HTTP
messages, so that impractically large content (inadvertently or maliciously)
fails in a manageable way, rather than triggering an OutOfMemoryError.
One possibility would be to set limits on HTTP header line lengths and number
of headers; once exceeded, an exception would be thrown.
Another would be to set a byte-total cap on how much content can be considered
to contribute to the headers; past that cap, an exception would be thrown.
A possible wrinkle would be implementing compatible limits at other places mid-
or late-message where unbounded numbers of headers could again appear
(multipart; chunked; footers).
See also:
http://issues.apache.org/jira/browse/HTTPCORE-3?page=all
http://issues.apache.org/bugzilla/show_bug.cgi?id=25468
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
