The issue we are talking about isn't necessarily XML only correct? The initial bug description seems to describe large requests in general as being a potential problem.
I'm also a bit confused here as to what exactly we are trying to solve. Isn't this the same issue we fixed in:
Like ttx points out we sort of decided not to backport that to Folsom since it fell under the "new feature" umbrella. That said there is nothing preventing a distro from picking up that patch for extra protection.
-----
Also the "keystone has no limitation for requests and headers size which may cause DB or process crash" description on this bug could be a bit misleading I think.
Eventlets WSGI defaults should cover us in terms of checking max header size. Eventlets wsgi.py shows:
MAX_HEADER_LINE = 8192
MAX_TOTAL_HEADER_SIZE = 65536
url_length_limit=MAX_REQUEST_LINE (which is set to 8192 by default...)
----
My main question here is there some new ground/or request type that upstream grizzly isn't protected from? Or just something we need to backport to Folsom?
The issue we are talking about isn't necessarily XML only correct? The initial bug description seems to describe large requests in general as being a potential problem.
I'm also a bit confused here as to what exactly we are trying to solve. Isn't this the same issue we fixed in:
https:/ /review. openstack. org/#/c/ 19567/
Like ttx points out we sort of decided not to backport that to Folsom since it fell under the "new feature" umbrella. That said there is nothing preventing a distro from picking up that patch for extra protection.
-----
Also the "keystone has no limitation for requests and headers size which may cause DB or process crash" description on this bug could be a bit misleading I think.
Eventlets WSGI defaults should cover us in terms of checking max header size. Eventlets wsgi.py shows:
MAX_HEADER_LINE = 8192 HEADER_ SIZE = 65536 limit=MAX_ REQUEST_ LINE (which is set to 8192 by default...)
MAX_TOTAL_
url_length_
----
My main question here is there some new ground/or request type that upstream grizzly isn't protected from? Or just something we need to backport to Folsom?