Christopher Schultz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mark,
On 5/6/12 5:05 AM, Mark Thomas wrote:
On 05/05/2012 12:25, Kanatoko wrote:
Hello list,
It seems that the Connector attribute "maxParameterCount" is not
applied to multipart requests.
Correct. This is by design.
Doesn't that make it trivial to launch a DOS on a server by simply
using multipart/form-data?
Why not limit parameters for multipart messages?
Impish guess : because "by design" means that it is a lot harder to go dig into the code
borrowed from Commons/FileUpload and to modify it to find out and limit the number of
parameters ?
(and probably a "patches welcome" to follow)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org