… | |
… | |
1010 | |
1010 | |
1011 | Third, JSON::XS recurses using the C stack when decoding objects and |
1011 | Third, JSON::XS recurses using the C stack when decoding objects and |
1012 | arrays. The C stack is a limited resource: for instance, on my amd64 |
1012 | arrays. The C stack is a limited resource: for instance, on my amd64 |
1013 | machine with 8MB of stack size I can decode around 180k nested arrays but |
1013 | machine with 8MB of stack size I can decode around 180k nested arrays but |
1014 | only 14k nested JSON objects (due to perl itself recursing deeply on croak |
1014 | only 14k nested JSON objects (due to perl itself recursing deeply on croak |
1015 | to free the temporary). If that is exceeded, the program crashes. to be |
1015 | to free the temporary). If that is exceeded, the program crashes. To be |
1016 | conservative, the default nesting limit is set to 512. If your process |
1016 | conservative, the default nesting limit is set to 512. If your process |
1017 | has a smaller stack, you should adjust this setting accordingly with the |
1017 | has a smaller stack, you should adjust this setting accordingly with the |
1018 | C<max_depth> method. |
1018 | C<max_depth> method. |
1019 | |
1019 | |
1020 | And last but least, something else could bomb you that I forgot to think |
1020 | And last but least, something else could bomb you that I forgot to think |
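Review bot: Line 1020 still reads "And last but least", which looks like the idiom "last but not least" with a word dropped. Since this change is already a wording fix (capitalizing "To be" on line 1015), it would be worth correcting that in the same pass. The paragraph also says exceeding the C stack "crashes" the program while giving 512 as the default limit. A short clause saying that C<max_depth> is what turns the crash into a decode error would make the advice on lines 1016-1018 easier to act on for readers who accept untrusted input.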
… | |
… | |
1024 | If you are using JSON::XS to return packets to consumption |
1024 | If you are using JSON::XS to return packets to consumption |
1025 | by JavaScript scripts in a browser you should have a look at |
1025 | by JavaScript scripts in a browser you should have a look at |
1026 | L<http://jpsykes.com/47/practical-csrf-and-json-security> to see whether |
1026 | L<http://jpsykes.com/47/practical-csrf-and-json-security> to see whether |
1027 | you are vulnerable to some common attack vectors (which really are browser |
1027 | you are vulnerable to some common attack vectors (which really are browser |
1028 | design bugs, but it is still you who will have to deal with it, as major |
1028 | design bugs, but it is still you who will have to deal with it, as major |
1029 | browser developers care only for features, not about doing security |
1029 | browser developers care only for features, not about getting security |
1030 | right). |
1030 | right). |
1031 | |
1031 | |
1032 | |
1032 | |
1033 | =head1 THREADS |
1033 | =head1 THREADS |
1034 | |
1034 | |
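Review bot: On line 1024, "to return packets to consumption by JavaScript scripts" reads awkwardly next to the reworded line 1029; "for consumption" is probably what was meant and could be fixed in this same change. The paragraph also depends entirely on the external link on line 1026 for the actual security content. Consider naming the issue in the POD itself (the URL suggests CSRF against JSON responses), so the warning still tells the reader something if that page goes away.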