juneau-dev mailing list archives

From "Lukasz Lenart"<lukaszlen...@apache.org>
Subject Re: Security
Date Mon, 13 Nov 2017 13:36:36 GMT
On 2017-11-10 18:47, James Bognar <jamesbognar@gmail.com> wrote: 
> However, we don't have any limiters in place to prevent you from, for
> example, creating an infinitely long String field (other than the built-in
> limitations on the StringBuilder class itself which is limited by an int).
> 
> I'm thinking it can be solved at the REST servlet interface with a
> BoundedReader (
> https://commons.apache.org/proper/commons-io/javadocs/api-2.5/org/apache/commons/io/input/BoundedReader.html).
> The parsers themselves wouldn't need to be changed.
> 
> Thoughts anyone?  What would be an appropriate default size limit on the
> input?  100MB?

I'm not sure if this will help. Try to parse this string:

{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}:1}

Regards
Lukasz
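
Added example (not part of the original message, and not Juneau or Commons IO code): the test string above is far shorter than any plausible size limit, so a length cap alone would not reject it. The sketch below wraps the request `Reader` with both a character budget and a nesting-depth budget. The class name `DepthLimitedReader`, the limits, and the sample input are assumptions made for illustration.

```java
import java.io.*;

// Hypothetical wrapper (not a Juneau or Commons IO class): rejects input that
// exceeds a character budget or a nesting-depth budget while it is being read.
public class DepthLimitedReader extends FilterReader {
    private final long maxChars;
    private final int maxDepth;
    private long count;
    private int depth;
    private int quote;        // 0 outside a string, else the opening quote character
    private boolean escaped;  // previous character inside a string was a backslash

    public DepthLimitedReader(Reader in, long maxChars, int maxDepth) {
        super(in);
        this.maxChars = maxChars;
        this.maxDepth = maxDepth;
    }

    @Override public int read() throws IOException {
        int c = super.read();
        if (c < 0) return c;
        if (++count > maxChars) throw new IOException("input exceeds " + maxChars + " chars");
        if (quote != 0) {                       // inside a string: braces are data
            if (escaped) escaped = false;
            else if (c == '\\') escaped = true;
            else if (c == quote) quote = 0;
        } else if (c == '"' || c == '\'') quote = c;
        else if (c == '{' || c == '[') {
            if (++depth > maxDepth) throw new IOException("nesting exceeds depth " + maxDepth);
        } else if ((c == '}' || c == ']') && depth > 0) depth--;
        return c;
    }

    @Override public int read(char[] buf, int off, int len) throws IOException {
        int n = 0, c;                           // route bulk reads through the checks
        while (n < len && (c = read()) >= 0) buf[off + n++] = (char) c;
        return (n == 0 && len > 0) ? -1 : n;
    }

    public static void main(String[] args) {
        // Constructed sample: 60 nested objects, well under 1 KB (String.repeat needs Java 11+).
        String nested = "{\"a\":".repeat(60) + "1" + "}".repeat(60);
        try (Reader r = new DepthLimitedReader(new StringReader(nested), 1_000_000, 32)) {
            while (r.read() >= 0) { }
            System.out.println("accepted");
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

With the limits shown, the constructed sample is rejected at the 33rd opening brace even though it uses a tiny fraction of the character budget.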
