[web-devel] limiting POST

Erik de Castro Lopo mle+hs at mega-nerd.com
Fri Jan 6 03:50:11 CET 2012

Kazu Yamamoto (山本和彦) wrote:

> Hello guys,
> As you may know, "Denial of Service through hash table
> multi-collisions" was disclosed:
> 	http://permalink.gmane.org/gmane.comp.security.full-disclosure/83694
> The hashable package is affected but not affected to Yesod suite.
> However, I guess we should provide size limitation of HTTP body on
> POST to Warp.

I disagree with limiting the size. I might be better to for the Warp application
to consume the POST data in constant space.

Erik de Castro Lopo

More information about the web-devel mailing list