Re: [json] Security in libjson
- I have set nest depth to 10 but I'm checking object structures in fastJSON for .net which seems more than enough. Size limit is tricky as you might have to transfer large rows of data in datasets which could easily go over 32mb, so I'm not checking for that.
Hope that helps.
On 2011-04-06 02:10, jonathan wallace wrote:
> Since I've received a number of requests for more security options in
> libjson, I'm in the process of adding them and I have two questions
> regarding the default values. �libjson will allow you to change these
> values, but I want to set a default.
> My new security features protect against DoS attacks. �I have a
> maximum nesting depth option and a maximum json length option. �My
> current defaults are 100 nests maximum and 32MB length maximum. �I
> would like to know everyone's opinion on these values. �I know PHP has
> a max nest limit of 128 and no length limit.
> [Non-text portions of this message have been removed]
[Non-text portions of this message have been removed]