
Subject: Re: [boost] [Beast] Security issue note
From: Artyom Beilis (artyom.beilis_at_[hidden])
Date: 2017-07-01 10:21:47


> I also added an "on_header" callback feature to beast::http::parser so
> that users can set the limit after receiving the header based on the
> contents. This allows for the type of logic you are describing; the
> limit may be conditionally set depending on the value of Content-Type.
> The benefit of the callback is that it does not require that the HTTP
> message is read in two I/Os (first the header then the body).

This is something I did in CppCMS as well at some point. However, this
approach still has a certain design flaw I couldn't fix in CppCMS without
significant API changes.

Between the header analysis and content handling there may be a need to
do some blocking or async I/O. For example, accessing a session stored in
an SQL server using the ID defined by cookies to get user limits/roles.

So I suggest keeping an option for separate header and body processing.

Artyom
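As an added example (not Beast's or CppCMS's code, and not part of this thread), here is a minimal two-phase HTTP/1.1 request parser in C++17 that makes the design point concrete: the header is parsed on its own, the caller runs whatever lookup it needs in between (the session table and the per-role quotas below are constructed for the example; in a real server this step would be the blocking or async database access), and only then is the body limit chosen and enforced before any body bytes are handed to the application:

```cpp
// Added example, not Beast or CppCMS code: a two-phase HTTP/1.1 request
// parser. Phase 1 stops after the header so the caller can do possibly
// blocking/async work (session lookup keyed by a cookie) and only then
// pick the body limit that phase 2 enforces.
#include <cctype>
#include <cstddef>
#include <limits>
#include <map>
#include <optional>
#include <string>
#include <string_view>

struct HeaderInfo {
    std::string method;
    std::string target;
    std::map<std::string, std::string> fields;  // field names lowercased
    std::size_t header_end = 0;                  // offset of first body byte
    std::size_t content_length = 0;
};

// Strict decimal parse with overflow check (rejects "", "+1", "1e3", ...).
static std::optional<std::size_t> parse_size(std::string_view s) {
    if (s.empty()) return std::nullopt;
    constexpr std::size_t max = std::numeric_limits<std::size_t>::max();
    std::size_t v = 0;
    for (unsigned char c : s) {
        if (!std::isdigit(c)) return std::nullopt;
        std::size_t d = c - '0';
        if (v > (max - d) / 10) return std::nullopt;
        v = v * 10 + d;
    }
    return v;
}

// Phase 1: parse request line and header fields. Returns nullopt when the
// header is incomplete or malformed; nothing past the header is touched.
std::optional<HeaderInfo> parse_header(std::string_view buf) {
    constexpr auto npos = std::string_view::npos;
    auto end = buf.find("\r\n\r\n");
    if (end == npos) return std::nullopt;
    HeaderInfo h;
    h.header_end = end + 4;
    std::string_view head = buf.substr(0, end);
    auto line_end = head.find("\r\n");
    std::string_view req = head.substr(0, line_end);
    auto sp1 = req.find(' ');
    auto sp2 = sp1 == npos ? npos : req.find(' ', sp1 + 1);
    if (sp2 == npos) return std::nullopt;
    h.method = std::string(req.substr(0, sp1));
    h.target = std::string(req.substr(sp1 + 1, sp2 - sp1 - 1));
    std::size_t pos = line_end == npos ? head.size() : line_end + 2;
    while (pos < head.size()) {
        auto le = head.find("\r\n", pos);
        std::string_view line = head.substr(pos, le == npos ? npos : le - pos);
        auto colon = line.find(':');
        if (colon == npos || colon == 0) return std::nullopt;
        std::string name(line.substr(0, colon));
        for (auto& c : name) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
        std::string_view val = line.substr(colon + 1);
        while (!val.empty() && (val.front() == ' ' || val.front() == '\t')) val.remove_prefix(1);
        while (!val.empty() && (val.back() == ' ' || val.back() == '\t')) val.remove_suffix(1);
        // A repeated Content-Length is ambiguous (request smuggling); reject it.
        if (name == "content-length" && h.fields.count(name)) return std::nullopt;
        h.fields[name] = std::string(val);
        pos = le == npos ? head.size() : le + 2;
    }
    if (auto it = h.fields.find("content-length"); it != h.fields.end()) {
        auto n = parse_size(it->second);
        if (!n) return std::nullopt;
        h.content_length = *n;
    }
    return h;
}

// Stand-in for the I/O step between header and body: in a real server this
// would query a session store and may block or complete asynchronously.
// The session table and quotas are constructed for this example.
std::size_t body_limit_for(const HeaderInfo& h) {
    static const std::map<std::string, std::size_t> quota = {
        {"sid=guest", 1024},          // 1 KiB for guests
        {"sid=admin", 1024 * 1024},   // 1 MiB for administrators
    };
    auto c = h.fields.find("cookie");
    if (c == h.fields.end()) return 256;  // anonymous: tiny limit
    auto q = quota.find(c->second);
    return q == quota.end() ? 256 : q->second;
}

enum class BodyResult { Ok, TooLarge, Incomplete, BadHeader };

// Phase 2: enforce the limit decided after the header, before any body
// bytes are copied out for the application.
BodyResult read_body(std::string_view buf, const HeaderInfo& h,
                     std::size_t limit, std::string& body) {
    if (h.content_length > limit) return BodyResult::TooLarge;
    std::string_view rest = buf.substr(h.header_end);
    if (rest.size() < h.content_length) return BodyResult::Incomplete;
    body.assign(rest.substr(0, h.content_length));
    return BodyResult::Ok;
}

// Whole flow: header -> (lookup) -> limit -> body.
BodyResult handle_request(std::string_view buf, std::string& body) {
    auto h = parse_header(buf);
    if (!h) return BodyResult::BadHeader;
    return read_body(buf, *h, body_limit_for(*h), body);
}
```

The point of the split is that `body_limit_for` can be replaced by anything that suspends the connection (a database round trip, an async token check) without the parser having buffered a single body byte at the caller's expense; a `TooLarge` verdict costs only the header. Released Beast exposes the same split through `http::read_header`, `parser::body_limit` and a following `http::read` on the same parser.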


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk