Loading ...
Sorry, an error occurred while loading the content.

Re: [soaplite] Re: How to handle big soap attachments ?

Expand Messages
  • Paul Kulchenko
    Hi, Sebastian! Absolutely agree. That s the reason why I want to introduce some additional transport options, like ACCEPTABLE_CONTENT_TYPE (if you want to
    Message 1 of 13 , Mar 22, 2001
      Hi, Sebastian!

      Absolutely agree. That's the reason why I want to introduce some
      additional transport options, like ACCEPTABLE_CONTENT_TYPE (if you
      want to accept ONLY text/xml or multipart/related) and
      MAX_CONTENT_SIZE that should take care about it and request will be
      rejected. As for DOS attack it could be introduced even with small
      request which has complex XML structure. Anyway, these options should
      make server side more robust.

      Best wishes, Paul.

      --- sebaklu@... wrote:
      > Hi Paul,
      > That's right, but the current version of SOAP::Lite should never
      > expect large requests. The server will give no response and fill
      > out
      > the complete memory on the machine. Since it expect SOAP messages
      > with attachements it should be able to handle large amount of data.
      > However, it works fine with simple requests. But general for
      > handling SOAP messages with attachments (the 7 MB attachment was
      > an
      > example, i had also problems to handle smaller attachments) should
      > use stream mechanism. If not you should not read it into memory but
      > reject the request. Maybe i'm wrong but it is a weak point and DOS
      > attacks may use it.
      > Sebastian
      > --- In soaplite@y..., Paul Kulchenko <paulclinger@y...> wrote:
      > > Hi, Sebastian!
      > >
      > > That's true, but at the same time it's easy to imagine situation
      > when
      > > you send something not directly, but thru the several different
      > > intermediaries and each of them will need to handle this huge
      > > request. If this piece is encoded as external reference then
      > handler
      > > could be smart enough to get it only if it's required (yet I
      > don't
      > > know about such smart handlers :)). Ideas, ideas...
      > >
      > > Ideally implementation should be flexible enough to handle both
      > (and
      > > maybe man others) approaches, maybe with manual hints.
      > >
      > > Best wishes, Paul.
      > ------------------------ Yahoo! Groups Sponsor
      > To unsubscribe from this group, send an email to:
      > soaplite-unsubscribe@yahoogroups.com
      > Your use of Yahoo! Groups is subject to
      > http://docs.yahoo.com/info/terms/

      Do You Yahoo!?
      Get email at your own domain with Yahoo! Mail.
    Your message has been successfully submitted and would be delivered to recipients shortly.