Would it be worthwhile to use a new property?
maxSavePostSize - The max size of a post to save. 0 for unlimited, -1 to disable saving post.
Of course this doesn't mitigate a malicious person issuing many POSTs under the configured threshold.
-Tim
Remy Maucherat wrote:
[EMAIL PROTECTED] wrote:
markt 2005/05/11 14:39:41
Modified: catalina/src/share/org/apache/catalina/authenticator
FormAuthenticator.java SavedRequest.java
webapps/docs changelog.xml
Log:
Include request body in saved request when using FORM authentication.
- Fixes problem with saved request assuming platform default encoding for POSTed
parameters.
- Improves restoration of request by using CoyoteRequest
This is way too risky to do it for any POST (which could be a file upload), and I think it could lead to easy DoSes, so I share Bill's concerns.
Saving parameters in general is risky as well, obviously ...
IMO, webapps need to be better designed, and auth should happen before sending forms.
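The size cap proposed at the top of this thread, sketched as an added example (not Tomcat code and not written by any of the posters): a bounded read of a POST body that follows the proposed `maxSavePostSize` semantics of 0 for unlimited and -1 for disabled. The class name `BoundedPostSaver`, its `save` method and the sample body are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

// Hypothetical helper, not part of Tomcat: buffers a POST body for later
// replay only while it stays within the proposed maxSavePostSize.
public class BoundedPostSaver {

    // Semantics as proposed in the thread: 0 = unlimited, -1 = never save.
    private final int maxSavePostSize;

    public BoundedPostSaver(int maxSavePostSize) {
        this.maxSavePostSize = maxSavePostSize;
    }

    // Returns the buffered body, or null when saving is disabled or the
    // body exceeds the cap. Reading stops as soon as the cap is crossed,
    // so an oversized upload is never held in memory in full.
    public byte[] save(InputStream body) throws IOException {
        if (maxSavePostSize == -1) {
            return null;
        }
        ByteArrayOutputStream saved = new ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int n;
        while ((n = body.read(chunk)) != -1) {
            if (maxSavePostSize > 0 && saved.size() + n > maxSavePostSize) {
                return null; // over the cap: discard what was buffered
            }
            saved.write(chunk, 0, n);
        }
        return saved.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample body standing in for POSTed form parameters.
        byte[] post = "user=alice&comment=hello".getBytes(StandardCharsets.UTF_8);
        for (int limit : new int[] {-1, 0, 16, 64}) {
            byte[] out = new BoundedPostSaver(limit).save(new ByteArrayInputStream(post));
            System.out.println("maxSavePostSize=" + limit + " -> "
                    + (out == null ? "not saved" : out.length + " bytes saved"));
        }
    }
}
```

The cap bounds memory per saved request only; as noted at the top of the thread, it does nothing about many POSTs that each stay under the threshold.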