17 Sep
2003
17 Sep
'03
12:48 p.m.
Simon Marlow writes:
hGetLine should work fine, indeed that's what I used in the Haskell Web Server.
Well, another -- and more important -- problem with hGetLine is that it will read an arbitrarily long line. An attacker might use this to implement an denial-of-service attack simply by sending excessively long lines, thus overflowing the stack / heap. IMHO asynchronous hGetBuf / hPutBuf functions would really be the best solution. (Or a way to set a read timeout for hGetContents ...) Peter