diff options
| author | Dan Prince <dprince@redhat.com> | 2013-01-10 13:25:18 -0500 |
|---|---|---|
| committer | Dan Prince <dprince@redhat.com> | 2013-02-05 09:20:57 -0500 |
| commit | 8ec247bf61be0e487332d5d891246d2b7b606989 (patch) | |
| tree | ab9ac2196007c3d87f2e0a6b1669a18c1c908314 /keystone/config.py | |
| parent | b3d667ab3bac874eda68c0ea0280f9e506f854aa (diff) | |
| download | keystone-8ec247bf61be0e487332d5d891246d2b7b606989.tar.gz keystone-8ec247bf61be0e487332d5d891246d2b7b606989.tar.xz keystone-8ec247bf61be0e487332d5d891246d2b7b606989.zip | |
Add size validations to token controller.
Updates token controller so that it explicitly checks the max
size of userId, username, tenantId, tenantname, token, and password
before continuing with a request.
Previously, when used with the SQL keystone backend an unauthenticated
user could send in *really* large requests which would ultimately log
large SQL exceptions and could thus fill up keystone logs on the
disk.
Change-Id: Ie7e3a958829f99f080e66582bdf558cded70248c
Diffstat (limited to 'keystone/config.py')
| -rw-r--r-- | keystone/config.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/keystone/config.py b/keystone/config.py index e7f31394..40af2fd6 100644 --- a/keystone/config.py +++ b/keystone/config.py @@ -141,6 +141,9 @@ register_str('policy_file', default='policy.json') register_str('policy_default_rule', default=None) #default max request size is 112k register_int('max_request_body_size', default=114688) +register_int('max_param_size', default=64) +# we allow tokens to be a bit larger to accomidate PKI +register_int('max_token_size', default=8192) # identity register_str('default_domain_id', group='identity', default='default') |