[Twisted-Python] Limit headers by size and not by number in twisted.web

Adi Roiban adi at roiban.ro
Wed Jan 22 06:37:06 MST 2014


Thanks!

This is somehow related to ticket https://twistedmatrix.com/trac/ticket/288 ,
where things are complicated.

I am worried about malicious HTTP clients sending huge data which ends up in
memory.

My previous example is bad since curl will truncate cookies at 8K.

I checked the code in depth and twisted.protocols.basic.LineReceiver has a
default line size of 16384.
Together with the default headers count, this gives a default limit of
about 7.8MB.

I have created a ticket and we can continue there:
https://twistedmatrix.com/trac/ticket/6927

Thanks!

On 22 January 2014 14:48, Laurens Van Houtven <_ at lvh.io> wrote:

> Hi Adi,
>
> I'm assuming this is somewhat related to
> http://homakov.blogspot.be/2014/01/cookie-bomb-or-lets-break-internet.html :)
>
> I don't know of any mechanisms to limit cookie size. It's probably a good
> feature to have, and perhaps even enable by default.
>
> cheers
> lvh


-- 
Adi Roiban
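
Added example (not part of the original post and not Twisted code): a stand-alone header reader showing how a per-line cap combined with a header-count cap still lets about 7.8MB be buffered, while a total-size budget rejects the same request early. Only the 16384 line size comes from the post; `MAX_HEADERS = 500`, `MAX_TOTAL`, and all function names are assumptions made for this sketch.

```python
# Added example, not Twisted code: count-based vs size-based header limits.
MAX_LINE = 16384     # per-line cap quoted in the post
MAX_HEADERS = 500    # assumed count cap, chosen to match the post's ~7.8MB
MAX_TOTAL = 16384    # hypothetical budget for all header lines together


class HeadersTooLarge(Exception):
    """Raised when a request's header block breaks a configured limit."""


def read_headers(lines, max_line=MAX_LINE, max_count=None, max_total=None):
    """Collect header lines up to the blank line, enforcing the given caps.

    Returns (headers, bytes_buffered); raises HeadersTooLarge on a violation.
    """
    headers, buffered = [], 0
    for line in lines:
        if len(line) > max_line:
            raise HeadersTooLarge("line longer than %d bytes" % max_line)
        if line == b"":
            return headers, buffered
        buffered += len(line)
        if max_total is not None and buffered > max_total:
            raise HeadersTooLarge("headers exceed %d bytes" % max_total)
        if max_count is not None and len(headers) >= max_count:
            raise HeadersTooLarge("more than %d headers" % max_count)
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError("malformed header line")
        headers.append((name.strip(), value.strip()))
    raise ValueError("header block not terminated by a blank line")


def constructed_request(count=MAX_HEADERS, size=MAX_LINE):
    """Constructed input: `count` header lines of exactly `size` bytes each."""
    line = b"X-Pad: " + b"a" * (size - len(b"X-Pad: "))
    for _ in range(count):
        yield line
    yield b""


if __name__ == "__main__":
    _, used = read_headers(constructed_request(), max_count=MAX_HEADERS)
    print("count cap only: buffered %d bytes (%.1f MiB)" % (used, used / 2**20))
    try:
        read_headers(constructed_request(), max_total=MAX_TOTAL)
    except HeadersTooLarge as exc:
        print("size budget:", exc)
```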