Open webfolderio opened 5 years ago
eao197
commented
5 years ago Hi!
The main use case for RESTinio was (and I suppose still is): take a get/post request, post it for async processing to some another work thread, take a result and send the result back. In our scenarios all requests had some reasonable size.
webfolderio
commented
5 years ago Thanks for the clarification.
My main concern is to buffer attacks. consume_data(const char *, std::size_t) did not prevent vulnerability to buffer attacks. I know that there is a timeout setting that rejects long requests but it might be still good idea to an optional setting to limit request body size.
eao197
commented
5 years ago but it might be still good idea to an optional setting to limit request body size.
I think you're right -- it looks like a good idea. We'll try to address this in the next update for RESTinio. But it hard to predict when this update will be released because we are busy on other projects now and the next free timeslot will be only after a week or two from now :(
Hi,
From the Restinio doc.:
Request handler
Why do you preferred
std::stringinstead of a suitable stream type? I couldn't figure out what happen if http client sends request body which does not fit in the memory?