[Bug 69446] HttpServlet doPut - storage exhausted without maxFileSize limitation

bugzilla Mon, 18 Nov 2024 05:42:37 -0800

https://bz.apache.org/bugzilla/show_bug.cgi?id=69446


Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #2 from Mark Thomas <ma...@apache.org> ---
If a malicious user can PUT then it doesn't really matter whether they PUT
100,000 1k files or 1 100MB file. Granted, partial PUT does have an element of
amplification but that just gets them there quicker. It doesn't allow them to
do anything they couldn't already. And there is already an option to disable
partial PUT if you want.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 69446] HttpServlet doPut - storage exhausted without maxFileSize limitation

Reply via email to