Limit post size to help against DoS attacks #446
Comments
|
we have limit() for this, which works for any request body. Even without this specific issue you could exhaust resources reasonably easily without some form of limiting |
|
Can you please elaborate? I couldn't find any limit() function in the source code, and in node-formidable I only saw incomingForm.maxFieldsSize. Thanks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This won't solve the problem completely, but it would help.
Read more about this problem here:
http://www.ocert.org/advisories/ocert-2011-003.html
http://www.youtube.com/watch?v=R2Cq3CLI6H8
The Socket.IO guys already made a commit for this a month ago:
socketio/socket.io@a7f45fe
I think we should be able to specify a max post size and the bodyParser should kill what exceeds that. The implementation should probably be done in the file: https://github.com/senchalabs/connect/blob/master/lib/middleware/json.js
The text was updated successfully, but these errors were encountered: