A hostile client could make a server run out of memory by sending a single enormous gRPC message. We should have a configurable bound on the max message size, and kill a connection when this message size is exceeded.
(NON-option: we cannot impose a maximum memory size "overall"; if we have multiple connections, we might end up with all connections having read "half a message", then hit the limit, and the system unable to make any further progress.)
A hostile client could make a server run out of memory by sending a single enormous gRPC message. We should have a configurable bound on the max message size, and kill a connection when this message size is exceeded.
(NON-option: we cannot impose a maximum memory size "overall"; if we have multiple connections, we might end up with all connections having read "half a message", then hit the limit, and the system unable to make any further progress.)