Comment 18 for bug 1098307

Dan Prince (dan-prince) wrote : Re: unauthenticated POST to /tokens can fill up disk/logs

ayoung:

Regarding your concern about request sizes, my aim is to address that here: https://review.openstack.org/#/c/19567/

---

To your other point, the fact that keystone isn't checking these token sizes up front is arguably sloppy and is in fact directly related to this specific issue, which is caused by allowing really large tokens to go all the way to the database layer. I guess my take is that validating the size of an input parameter (a token) is something we should be doing regardless of whether or not we have a generic request size limiter in place.
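
Added example, not part of the comment above and not keystone's code: a sketch of the two layers the comment distinguishes, showing that a request can pass a generic body-size limiter and still carry a token that should be rejected before it reaches the backend. The limit values, the function and exception names, and the `{"auth": {"token": {"id": ...}}}` body shape are assumptions made for illustration.

```python
import json

# Assumed limits for illustration; not values taken from keystone.
MAX_REQUEST_BODY_SIZE = 112 * 1024   # layer 1: generic request-size limiter
MAX_TOKEN_SIZE = 8192                # layer 2: per-field limit on the token id


class RequestTooLarge(Exception):
    """Raised by the generic limiter (would map to HTTP 413)."""


class ValidationError(Exception):
    """Raised by field validation (would map to HTTP 400)."""


def limit_body(raw_body: bytes) -> bytes:
    # Layer 1: reject oversized bodies before any parsing happens.
    if len(raw_body) > MAX_REQUEST_BODY_SIZE:
        raise RequestTooLarge(f"body is {len(raw_body)} bytes")
    return raw_body


def extract_token_id(raw_body: bytes) -> str:
    # Layer 2: validate the token itself before it reaches the backend or logs.
    try:
        token_id = json.loads(raw_body)["auth"]["token"]["id"]
    except (ValueError, KeyError, TypeError):
        raise ValidationError("malformed auth request")
    if not isinstance(token_id, str) or not token_id:
        raise ValidationError("token id must be a non-empty string")
    if len(token_id) > MAX_TOKEN_SIZE:
        # Report only the length; never echo the oversized value into logs.
        raise ValidationError(f"token id length {len(token_id)} exceeds limit")
    return token_id


def handle_tokens_post(raw_body: bytes, backend_lookup) -> str:
    """Return a status string; backend_lookup only ever sees bounded tokens."""
    try:
        token_id = extract_token_id(limit_body(raw_body))
    except RequestTooLarge:
        return "413"
    except ValidationError:
        return "400"
    backend_lookup(token_id)
    return "200"
```

A 20,000-character token fits comfortably under the body limit here, so only the per-field check keeps it away from the database layer and the logs.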