[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV Lynx/MSIE denial-of-service
|
From: |
Tom Zerucha |
|
Subject: |
Re: LYNX-DEV Lynx/MSIE denial-of-service |
|
Date: |
Fri, 14 Mar 1997 15:45:51 -0500 (EST) |
On Tue, 11 Mar 1997, Larry W. Virden, x2487 wrote:
> > > In any case, please _don't_ put arbitrary limits into lynx ; I would
> > > just as soon see no limits put in myself and just have lynx stop when it
> > > can't go any further.
> >
> > Well, on a single user system that's OK, but I'd be royally peeved (and
> > so would the other programmers) if somebody using Lynx encountered a
> > redirect to http://localhost:19/ and froze the system. :(
>
> Yes, I can certainly see that. I can also see that if someone set things up
> so that files larger than 1 meg weren't able to be downloaded that a
> major use of lynx (background download of .tar files, etc. served only
> from WWW servers) would be broken.
HTTP has some limits as to what the first line should be that should put a
small upper limit on the length. Read a first line up to X chars and
syntax verify it. Further, If it doesn't see a valid header (the GET,
POST, etc, cookies, useragent strings, etc. followed by two crlfs) within
some limit (e.g. 16-32K) it should abort the connection.
address@hidden
finger address@hidden for PGP key
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;
Re: LYNX-DEV Lynx/MSIE denial-of-service, Klaus Weide, 1997/03/11