View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0008999 | Taler | libeufin-bank | public | 2024-07-01 11:35 | 2024-07-28 21:49 |
Reporter | Antoine A | Assigned To | Antoine A | ||
Priority | normal | Severity | feature | Reproducibility | have not tried |
Status | assigned | Resolution | open | ||
Target Version | post-1.0 | ||||
Summary | 0008999: Set limits to all variable size user inputs | ||||
Description | Currently, all strings in all APIs are unsized and libeufin-bank accepts strings of any size. As libeufin-bank uses a very restrictive maximum size (4kB) on all decompressed bodies, this is not a serious security issue. However, it would be healthier to set reasonable limits on all variable-length entries such as wire transfer's subject, bearer token's description, account's name, account's username and so on. Do we want to put those limits inside the API specification? If not, how can we communicate those limits to clients? | ||||
Tags | No tags attached. | ||||
Date Modified | Username | Field | Change |
---|---|---|---|
2024-07-01 11:35 | Antoine A | New Issue | |
2024-07-01 11:35 | Antoine A | Status | new => assigned |
2024-07-01 11:35 | Antoine A | Assigned To | => Antoine A |
2024-07-25 23:59 | Christian Grothoff | Target Version | 1.0 => post-1.0 |
2024-07-28 21:49 | Christian Grothoff | Severity | minor => feature |