-
Notifications
You must be signed in to change notification settings - Fork 66
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Potential memory leak #68
Comments
@e-nikolov HI, for the http methods to atom, it won't be an attack, because there are only a few methods such as get, post, put, delete and so on, so there are only a few atoms will be created. There is just one atom will be in VM no matter how many times it's created. |
Those methods are the most used ones, but using curl for example, you can specify any arbitrary string as an http method. |
@e-nikolov 👍 got it, That's could be a problem. maybe we can use |
@e-nikolov i gotta make some other changes, so by the time maybe do a fix try in here, please review |
I'm new to elixir, so I'm not sure if this is true, but since atoms are never cleared from memory, I've heard they are a potential attack vector if user input gets converted to atoms. In the code bellow, the http method gets converted to an atom, and since a user can define an arbitrary method, would this not be an issue?
lib/reverse_proxy_plug.ex
The text was updated successfully, but these errors were encountered: