Should I decline URLs longer than expected?

I am developing an application and have URLs in the format www.example.com/some_url/some_parameter/some_keyword. I know by design that the maximum length of these URLs will be (and remains valid). Should I check the length of the URL with each request to protect against buffer overflow or injection attacks? I think this is an obvious yes, but I'm not a security expert, so maybe I'm missing something.

+5
13 answers

If you do not expect this entry, reject it.

, , - . , URL- , , , .

+5

- . - . .

, URL- N , . , , . , , , , ​​ . , , , N.

, . , URL-. , URL- , - .

+5

, URL N ? , , , - , , .

+1

, , , , URL- N, , . , , , URL- N + y , URL.

URL .

+1

Safari, Internet Explorer Firefox , .

.

http://www.boutell.com/newfaq/misc/urllength.html

-

" Microsoft Internet Explorer () - 2,083

Firefox (). 65 536 URL- Windows Firefox 1.5.x. , URL-. 100 000 .

Safari (). 80 000 .

+1

, , URL-, . , , , , , , () , .

0

, . . . .

, .

0

. , , . , , (, IISLockdown ).

.

0

, , , . , URL , . : . , eval(), .

0

, URL- N , .

0

, , URL.

, URL, , .

, .

0

, , N . , URL-, N , . , , , :

, . , URL , URL- N , URL- (, , , URL-, ).

0

, , , , . tl; dr imo, .

, URL- , . , , , - .

, . , . . , "" , , , - , , , , . , , - .

, ? . "" , . , , , , "" , , URI, "", , ( ); , , , .

, , , ... " ", , , . , , , "" URL-, , .

- , . , Java Python, "-". Java URI, , , URL-, - @Path("/person/(.{0..100}"), 100 . , Ruby Python , "webby" .

, , , , . URI, , - , , .. , URI 1 , ; , , "" " , ", , .

0
