Re: [Haskell] Re: [Haskell-cafe] ANNOUNCE: enumerator, an alternative iteratee package

20 Aug 2010


      On 20/08/10 17:30, Felipe Lessa wrote:
...
On Fri, Aug 20, 2010 at 1:12 PM, John Millikin  wrote:
...
This thought occurred to me, but really, how often are you going to
have a 10 GiB **text** file with no newlines? Remember, this is for
text (log files, INI-style configs, plain .txt), not binary (HTML,
XML, JSON). Off the top of my head, I can't think of any case where
you'd expect to see 10 GiB in a single line.
In the worst case, you can just use "decode" to process bytes coming
from the ByteString-based enumHandle, which should give nicely chunked
text.
I was thinking about an attacker, not a use case.  Think of a web
server accepting queries using iteratees internally.  This may open
door to at least DoS attacks.
You don't need to send that much data, the current implementation of
Enumerator uses hGet, which blocks, so just send the server a few bytes and
it'll be sitting there waiting for input until it times out (if ever).
Open a
few hundred of those connections and you're likely to cause the server
to run
out of FDs.  Of course this is already coded up in tools like
slowloris[1] :-)

/M

[1] http://ha.ckers.org/slowloris/
-- 
Magnus Therning                        (OpenPGP: 0xAB4DFBA4)
magnus＠therning．org           Jabber: magnus＠therning．org
http://therning.org/magnus         identi.ca|twitter: magthe