W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: don't use POST for big GET [was: Dictionaries in HTML ]

From: Lou Montulli <montulli@mozilla.com>
Date: Fri, 09 Feb 1996 14:37:21 -0800
Message-Id: <311BCCA1.2781@mozilla.com>
To: Henrik Frystyk Nielsen <frystyk@w3.org>
Cc: Neil Katin <katin@amorphous.com>, NED@innosoft.com, fielding@avron.ICS.UCI.EDU, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com 
Henrik Frystyk Nielsen wrote:

> The problem is more that many implementations use static buffers of, let's say
> 1024 bytes for reading the HTTP request line. If the request line is longer
> than the buffer then the application dies or is open for security attacks.
> This was the case with a version of the NCSA server and also a version of the
> Netscape client, I believe.

The problem you are probably refering to, only occured with
really long hostnames.  The size of the URL (hostname excluded) is
theoretically infinate.

:lou
-- 
Lou Montulli                 http://www.netscape.com/people/montulli/
       Netscape Communications Corp.
Received on Friday, 9 February 1996 14:40:48 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:44 EDT