Bugtraq mailing list archives
Re: httpd ...
From: rens () imsi com (Rens Troost)
Date: Sun, 26 Feb 1995 17:32:19 -0500
"*Hobbit*" == *Hobbit* <hobbit () bronze lcs mit edu> writes:
*Hobbit*> Why is everyone so hot on bumping up buffer sizes, as
*Hobbit*> opposed to sanitizing and limiting the input TO them?
*Hobbit*> Christ, it seems so OBVIOUS in light of this Sendmail
*Hobbit*> thing.

I think it's important to support ridiculously long URLs; arbitrarily small URL length limits stop you from being able to accumulate session state in the URL, which is a nice thing to be able to do. In most web applications, the state that is kept (like input to queries) is small; I have some applications that need a lot more.

Proper and careful use of dynamic string libraries is in any case better than fixed-size buffers; they solve the security problem (with overflows) and they do not inhibit functionality, as do fixed-size buffers.

-Rens
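The two positions in this exchange can be combined, as the following added example shows (it is not code from either poster or from any httpd): a growable string that cannot overflow, with an explicit, configurable ceiling on how much input it will accept. The names `dstr`, `dstr_append` and `read_request_line`, the chunked-input model and the limits used are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Growable string; NUL-terminated whenever data is non-NULL. */
typedef struct { char *data; size_t len, cap; } dstr;

/* Append n bytes, growing by doubling. max_len is a policy ceiling on the
 * total length. Returns 0, or -1 (string unchanged) on limit or OOM. */
int dstr_append(dstr *s, const char *src, size_t n, size_t max_len)
{
    /* Comparisons are arranged so that no addition can wrap around. */
    if (max_len == SIZE_MAX || n > max_len || s->len > max_len - n)
        return -1;
    size_t need = s->len + n + 1;              /* +1 for the terminator */
    if (need > s->cap) {
        size_t ncap = s->cap ? s->cap : 64;
        while (ncap < need) ncap = (ncap > SIZE_MAX / 2) ? need : ncap * 2;
        char *p = realloc(s->data, ncap);
        if (p == NULL) return -1;
        s->data = p; s->cap = ncap;
    }
    memcpy(s->data + s->len, src, n);
    s->len += n;
    s->data[s->len] = '\0';
    return 0;
}

/* Collect one '\n'-terminated request line from input that arrives in
 * pieces of at most `chunk` bytes, as it would from a socket. Returns 0
 * with the line (newline removed) in *out, or -1 if the line exceeds
 * max_len, memory runs out, or the input ends without a newline. */
int read_request_line(const char *in, size_t in_len, size_t chunk,
                      size_t max_len, dstr *out)
{
    if (chunk == 0) return -1;
    for (size_t off = 0; off < in_len; ) {
        size_t n = in_len - off < chunk ? in_len - off : chunk;
        const char *nl = memchr(in + off, '\n', n);
        if (nl != NULL) n = (size_t)(nl - (in + off));
        if (dstr_append(out, in + off, n, max_len) != 0) return -1;
        if (nl != NULL) return 0;
        off += n;
    }
    return -1;
}
```

The caller starts with `dstr line = {0};`, picks `max_len` as a resource policy rather than as a compile-time array size, and frees `line.data` whether or not the call succeeds.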