- From: David Morris <dwm@xpasc.com>
- Date: Sat, 20 Dec 2008 20:49:50 -0800 (PST)
- cc: <ietf-http-wg@w3.org>
On Sun, 21 Dec 2008, Jamie Lokier wrote: > David Morris wrote: > > A few leading zeros sent by a sloppy program won't impact the network. > > What about a million leading zeros in a chunk header from a malicious > program? Should implementations be expected to accept that? An implementation can always set limits to protect itself. That is just good programming. Certainly the HTTP specification doesn't have to describe common sense. > > Also, is it permitted for a proxy to change Content-Length by removing > leading zeros? Of course, just like a proxy is free to convert chunked encoding to explict content length. Or in the right circumstances, the converse. > > -- Jamie >
Received on Sunday, 21 December 2008 04:50:32 UTC