Open michielbdejong opened 8 years ago
Right now, a Box can call:
curl -X POST https://knilxof.org:4243/register -d "{\"local_ip\":\"some...very...long...string\",\"tunnel_url\":\"b\"}"
and we don't limit how long that string is. We should harden this a bit; this is a follow-up to: https://github.com/fxbox/registration_server/pull/11#issuecomment-196884906
When limiting the length of the string sent in one call, we probably also want to limit the number of calls per second.
We can do this at the same time where we drop the formatting restrictions on the string sent (these restrictions don't really contribute anything apart from complicating our server upgrade path), see https://github.com/fxbox/registration_server/pull/11#issuecomment-196695172
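An added sketch, not code from the registration_server project: one way to apply both limits discussed in this issue, a size cap on the `/register` body and its fields plus a per-client call rate, using only the Rust standard library. The limit values and the names `Limiter`, `pre_parse` and `check_fields` are assumptions made for illustration.

```rust
use std::collections::HashMap;

// Assumed limits for illustration; not values from the project.
const MAX_BODY_BYTES: usize = 1024; // whole POST body, enforced before JSON parsing
const MAX_FIELD_BYTES: usize = 255; // each of local_ip / tunnel_url
const BURST: f64 = 5.0; // calls a client may make back to back
const REFILL_PER_SEC: f64 = 1.0; // sustained calls per second

#[derive(Debug, PartialEq)]
pub enum Reject { RateLimited, BodyTooLarge, FieldTooLong(&'static str) }

/// Token bucket per client key (for example the peer address).
pub struct Limiter { buckets: HashMap<String, (f64, f64)> } // (tokens, last call time)

impl Limiter {
    pub fn new() -> Self { Limiter { buckets: HashMap::new() } }

    /// `now` is seconds on a monotonic clock, passed in so the logic is testable.
    pub fn allow(&mut self, client: &str, now: f64) -> bool {
        let b = self.buckets.entry(client.to_string()).or_insert((BURST, now));
        b.0 = (b.0 + (now - b.1) * REFILL_PER_SEC).min(BURST);
        b.1 = now;
        if b.0 >= 1.0 { b.0 -= 1.0; true } else { false }
    }
}

/// Runs before the body is parsed; body_len is the Content-Length or a capped read count.
pub fn pre_parse(lim: &mut Limiter, client: &str, now: f64, body_len: usize) -> Result<(), Reject> {
    if !lim.allow(client, now) { return Err(Reject::RateLimited); }
    if body_len > MAX_BODY_BYTES { return Err(Reject::BodyTooLarge); }
    Ok(())
}

/// Runs after parsing: length is the only constraint, no format rules.
pub fn check_fields(local_ip: &str, tunnel_url: &str) -> Result<(), Reject> {
    for (name, value) in [("local_ip", local_ip), ("tunnel_url", tunnel_url)] {
        if value.len() > MAX_FIELD_BYTES { return Err(Reject::FieldTooLong(name)); }
    }
    Ok(())
}

fn main() {
    let mut lim = Limiter::new();
    let long = "x".repeat(4096); // constructed oversized local_ip value
    println!("{:?}", pre_parse(&mut lim, "198.51.100.7", 0.0, long.len() + 32));
    println!("{:?}", check_fields(&long, "b"));
    for i in 0..6 { println!("call {}: {:?}", i, pre_parse(&mut lim, "203.0.113.9", 0.0, 40)); }
}
```

The bucket map gains one entry per client key, so a deployment would also evict idle entries to keep the limiter itself from growing without bound.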