Bugtraq mailing list archives

Re: httpd ...


From: rens () imsi com (Rens Troost)
Date: Sun, 26 Feb 1995 17:32:19 -0500


"*Hobbit*" == *Hobbit*  <hobbit () bronze lcs mit edu> writes:
  *Hobbit*> Why is everyone so hot on bumping up buffer sizes, as
  *Hobbit*> opposed to sanitizing and limiting the input TO them?
  *Hobbit*> Christ, it seems so OBVIOUS in light of this Sendmail
  *Hobbit*> thing.

I think it's important to support ridiculously long URLs; arbitrarily
small URL length limits stop you from being able to accumulate session
state in the URL, which is a nice thing to be able to do. In most web
applications, the state that is kept (like input to queries) is small;
I have some applications that need a lot more.

Proper and careful use of dynamic string libraries is in any case
better than fixed-size buffers; they solve the security problem (with
overflows) and they do not inhibit functionality, as do fixed-size
buffers.

-Rens
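
An added example, not part of the original message or of any httpd source: a growable string in C that accepts a request target of any length while checking its size arithmetic, with an optional policy ceiling. The names `dstr`, `dstr_append`, `collect_url` and `max_len` are hypothetical, and the chunked input stands in for successive reads from a socket.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string (names are illustrative). */
typedef struct { char *data; size_t len, cap; } dstr;

/* Append n bytes. Returns -1 if the result would exceed max_len, if the
 * size arithmetic would wrap, or if allocation fails. */
static int dstr_append(dstr *s, const char *src, size_t n, size_t max_len) {
    if (n > max_len || s->len > max_len - n || s->len + n == SIZE_MAX)
        return -1;
    size_t need = s->len + n + 1;            /* +1 for the NUL */
    if (need > s->cap) {
        size_t cap = s->cap ? s->cap : 64;
        while (cap < need)
            cap = cap > SIZE_MAX / 2 ? need : cap * 2;
        char *p = realloc(s->data, cap);
        if (!p) return -1;                   /* old buffer still valid */
        s->data = p;
        s->cap = cap;
    }
    memcpy(s->data + s->len, src, n);
    s->len += n;
    s->data[s->len] = '\0';
    return 0;
}

/* Collect a request target arriving in chunk-sized pieces, up to the first
 * space or line end. Caller frees; NULL on empty input or any failure. */
static char *collect_url(const char *input, size_t chunk, size_t max_len) {
    dstr s = {0};
    size_t total = strcspn(input, " \r\n");
    for (size_t off = 0; chunk && off < total; off += chunk) {
        size_t n = total - off < chunk ? total - off : chunk;
        if (dstr_append(&s, input + off, n, max_len) != 0) {
            free(s.data);
            return NULL;
        }
    }
    return s.data;
}

int main(void) {
    /* constructed sample input */
    char *u = collect_url("/q?state=abc HTTP/1.0\r\n", 8, 1u << 20);
    if (u) puts(u);
    free(u);
    return 0;
}
```

Passing `SIZE_MAX - 1` as `max_len` leaves memory as the only limit; a smaller value turns an oversized request into a clean rejection.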


