[cs631apue] Writing to socket while client is still writing to it

[Jan Schaumann]

lbustama <lbustama at stevens.edu> wrote:

> If I change the code to finish reading all the input from the socket  
> before sending the response "while(read(socket,buf, sizeof(buf))", the  
> remote connection displays the right output, but that just leaves the  
> server open for denial of service attacks (just keep on sending  
> "infinite" junk to the server)

You should have an idea of how long a valid request for your server can
be.  For example, if you are only serving files and are not accepting
forms submitted via GET, then you know that the longest URI you can
serve must be of PATH_MAX length.

If you _are_ accepting forms submitted via GET, then it's reasonable to
set a certain limit of how much data you can accept and return an error
if the incoming data is greater than that.

"414 Request-URI Too Long" would then be the right error to return,
perhaps with an HTML page that says something like "please use POST to
submit more data".

(If you're doing POST, and the amount of data submitted is too large,
you'd probably want to return 413.)

-Jan