well-typed / grapesy

Native Haskell gRPC client and server based on `http2`

`recvMessageLoop` has an infinite buffer #176

Open edsko opened 5 days ago

edsko commented 5 days ago

A hostile client could make a server run out of memory by sending a single enormous gRPC message. We should have a configurable bound on the max message size, and kill a connection when this message size is exceeded.

(NON-option: we cannot impose a maximum memory size "overall"; if we have multiple connections, we might end up with all connections having read "half a message", then hit the limit, and the system unable to make any further progress.)
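
The check the issue asks for, as an added illustration that is not grapesy's code: gRPC frames each message as a 1-byte compressed flag, a 4-byte big-endian length, then the payload, so the declared length can be compared against a per-stream bound before any payload is buffered, and a hostile header is rejected without allocating for it. The decoder below is per stream (not a global limit, for the reason the comment gives); the class and function names are assumptions, and the sample frames are constructed inline.

```python
import struct

# gRPC's customary default receive limit (4 MiB); the bound is configurable per decoder.
DEFAULT_MAX_MESSAGE_BYTES = 4 * 1024 * 1024


class MessageTooLarge(Exception):
    """Raised when a frame header declares more bytes than the stream allows."""


def frame(payload: bytes, compressed: bool = False) -> bytes:
    """Encode one gRPC length-prefixed message (flag byte + u32 length + payload)."""
    return struct.pack(">BI", 1 if compressed else 0, len(payload)) + payload


class BoundedFrameDecoder:
    """Incremental gRPC frame decoder with a hard cap on the declared message size."""

    def __init__(self, max_message_bytes: int = DEFAULT_MAX_MESSAGE_BYTES):
        self.max_message_bytes = max_message_bytes
        self.buf = bytearray()  # never grows beyond 5 + max_message_bytes + one chunk

    def feed(self, chunk: bytes) -> list[tuple[bool, bytes]]:
        """Consume transport bytes; return every complete (compressed, payload) message.

        The length is checked as soon as the 5-byte header is visible, i.e. before
        the payload is accumulated, so a peer cannot make us buffer more than the
        bound by declaring an enormous message. The caller should close the stream
        (or connection) when MessageTooLarge is raised.
        """
        self.buf += chunk
        messages = []
        while len(self.buf) >= 5:
            compressed, length = struct.unpack(">BI", self.buf[:5])
            if length > self.max_message_bytes:
                raise MessageTooLarge(
                    f"declared {length} bytes, limit is {self.max_message_bytes}"
                )
            if len(self.buf) < 5 + length:
                break  # wait for the rest of this (acceptably sized) message
            messages.append((bool(compressed), bytes(self.buf[5:5 + length])))
            del self.buf[:5 + length]
        return messages
```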

edsko commented 4 days ago

Marking as low priority as we do not currently care about protection against DDoS.