[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [libmicrohttpd] HTTP range requests handling
|
From: |
Christian Grothoff |
|
Subject: |
Re: [libmicrohttpd] HTTP range requests handling |
|
Date: |
Sat, 21 Mar 2020 11:13:41 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0 |
Dear Emmanuel,
Not sure, for the main lib: due to the security considerations, an
implementation would be either inherently incomplete (suprise!), or
likely insecure (bad surprise). I don't like shipping either of these
surprises.
However, if you do have a reasonably robust implementation, we could
certainly at least add it to the MHD *examples* / documentation for
other people to more easily find and use it.
Happy hacking!
Christian
On 3/21/20 11:08 AM, Emmanuel Engelhart wrote:
> Hi Christian
>
> Thank you for our quick response.
>
> If we have one, would you be interested to integrate it to libmicrohttpd
> as a kind of helper solution?
>
> Kind regards
> Emmanuel
>
> On 21.03.20 10:56, Christian Grothoff wrote:
>> Hi!
>>
>> No, we don't. Note that you might not even want to support the full
>> range spec:
>>
>> https://tools.ietf.org/html/rfc7233#page-19
>>
>> https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/updated-mitigation-of-apache-range-header-dos-attack/
>>
>> Happy hacking!
>>
>> Christian
>>
>> On 3/21/20 10:45 AM, Emmanuel Engelhart wrote:
>>> Hi
>>>
>>> Does libmicrohttpd provides facilities to handle HTTP range requests
>>> parsing. The spec is quite complicated and it is pretty cumbersome to
>>> handle all cases within a custom parser.
>>>
>>> Regards
>>> Emmanuel
>>>
>>
>
>
signature.asc
Description: OpenPGP digital signature