Lists Home |
Date Index |
>Here's an easy attack -- send you a start tag, then just keep sending
>random alphanumeric characters until your system chokes. An arbitrary
>limit -- even a very high one, like a few gigabytes -- would be useful.
This seems like the wrong level to deal with it. If your worry is
memory use, limit memory use, not the length of element names. Either
use the operating system's facilities for limiting memory, or have a
special purpose allocator. (Or is that too difficult in languages like
I had to address this in my on-line validator, and did it by using
unix's memory and cpu time limits.