Re: A question about Content-Length header

Peter wrote:
> In TR-69 domain, messages are text-based SOAP envelopes carried in HTTP 1.1 
> messages. The messages are always of text/html type and normally 
> syntactically terminated by </soap:Envelope> tag.
> If you would argue with "what if the soap msg has syntax errors or the end 
> tag got lost?", i would say it is the same situation as "what if a http msg 
> has a Content-Length header with incorrect msg body length?".

The difference is that HTTP message boundaries (Content-Length etc.)
and <soap:Envelope> are normally parsed by different software.

Message boundaries are parsed by proxies, and those should not have
any knowlege of <soap:Envelope> or other non-HTTP message boundary
terminators.  Message boundaries are also often parsed by generic HTTP
agents, before passing individual messages to specific applications.

> In any situation, the receiver should be able to recover from error input.

If HTTP message boundaries aren't clear, it opens a whole bunch of
security holes.  Especially, connections from proxies may carry
messages from multiple unrelated users at the same time.

-- Jamie

Received on Sunday, 25 January 2009 19:49:07 UTC