Posted to dev@sling.apache.org by John Crawford <cr...@gmail.com> on 2010/01/22 15:00:22 UTC
Re: [jira] Commented: (SLING-1308) Node.infinity.json contains risk for DOS.
Here is one reference
http://cwiki.apache.org/SLING/using-curl-with-sling.html
Respectfully,
John
On Thu, Jan 21, 2010 at 4:43 PM, Ian Boston <ie...@tfd.co.uk> wrote:
> I have searched, and I can't find where "infinity" is documented on the
> Sling web site, any pointers?
>
> Ian
>
> On 21 Jan 2010, at 22:27, Ian Boston (JIRA) wrote:
>
> >
> > [https://issues.apache.org/jira/browse/SLING-1308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12803510#action_12803510]
> >
> > Ian Boston commented on SLING-1308:
> > -----------------------------------
> >
> > Patch applies ok and the integration tests pass.
> >
> > However, I have reverted the changes to the Sling API to eliminate the need to depend on a later version of the API.
> > Also there was a license header missing, added in.
> >
> > Other than that LGTM,
> > I will go and find the doc and update that as well.
> >
> >> Node.infinity.json contains risk for DOS.
> >> -----------------------------------------
> >>
> >> Key: SLING-1308
> >> URL: https://issues.apache.org/jira/browse/SLING-1308
> >> Project: Sling
> >> Issue Type: Bug
> >> Components: Servlets
> >> Affects Versions: Servlets Get 2.0.8
> >> Reporter: Simon Gaeremynck
> >> Assignee: Ian Boston
> >> Priority: Critical
> >> Attachments: jsonRenderer.diff, jsonRenderer.diff
> >>
> >>
> >> As it is now any user can do a node.infinity.json.
> >> If this happens on the root node in a repository with many items, it will cause the server to slow down (eventually crash?)
> >> I've created a patch confirming the discussion @ http://markmail.org/search/?q=node.infinity#query:node.infinity+page:1+mid:ugqjyqdz2trfpdkr+state:results
Re: [jira] Commented: (SLING-1308) Node.infinity.json contains risk for DOS.
Posted by Ian Boston <ie...@tfd.co.uk>.
Thank you,
updated with a note.
Strange that search didn't find it.
Ian