[web-devel] limiting POST
Erik de Castro Lopo
mle+hs at mega-nerd.com
Fri Jan 6 03:50:11 CET 2012
Kazu Yamamoto (山本和彦) wrote:
> Hello guys,
>
> As you may know, "Denial of Service through hash table
> multi-collisions" was disclosed:
>
> http://permalink.gmane.org/gmane.comp.security.full-disclosure/83694
>
> The hashable package is affected but not affected to Yesod suite.
> However, I guess we should provide size limitation of HTTP body on
> POST to Warp.
I disagree with limiting the size. I might be better to for the Warp application
to consume the POST data in constant space.
Erik
--
----------------------------------------------------------------------
Erik de Castro Lopo
http://www.mega-nerd.com/
More information about the web-devel
mailing list