Roundup Tracker - Issues

Issue 2551315

classification
Allow admin settable max number of rows to be returned by rest interface
Type: behavior Severity: normal
Components: Web interface, API Versions:
process
Status: new
:
: : rouilj
Priority: :

Created on 2024-02-12 20:32 by rouilj, last changed 2024-02-12 20:32 by rouilj.

Messages
msg7939 Author: [hidden] (rouilj) Date: 2024-02-12 20:32
First step to handling:

 https://owasp.org/API-Security/editions/2023/en/0xa4-unrestricted-resource-consumption/

If the user requests @page_size > limit, interpret as though the limit has been
used.

OWASP includes CPU use, memory use, etc. Some of these can be handled by ulimit settings
when running under gunicorn or uwsgi. When running in a container, similar memory and CPU
limits can be set.

Note that there is no limit AFAIK on the number of rows that can be retrieved via the web
interface either.
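
The clamping rule proposed in the message above, as an added example (not part of the original message and not Roundup's own code). `MAX_PAGE_SIZE`, `DEFAULT_PAGE_SIZE`, the function names and the use of `@page_index` as the page-number parameter are assumptions made for illustration.

```python
from urllib.parse import parse_qs

# Hypothetical admin settings: names and values are assumptions for this example.
MAX_PAGE_SIZE = 100
DEFAULT_PAGE_SIZE = 50


def _parse_count(values, default, name):
    """Parse a query parameter as a positive integer, or raise ValueError."""
    if not values:
        return default
    raw = values[-1]  # last occurrence wins when the parameter is repeated
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError(f"{name} must be a positive integer")
    # Very long digit strings are treated as "huge" without calling int() on
    # them, so an oversized value is clamped like any other over-limit request.
    count = int(raw) if len(raw) <= 18 else 10**18
    if count < 1:
        raise ValueError(f"{name} must be a positive integer")
    return count


def effective_page(query_string, max_page_size=MAX_PAGE_SIZE):
    """Return (page_size, page_index, clamped) for a collection request."""
    params = parse_qs(query_string, keep_blank_values=True)
    size = _parse_count(params.get("@page_size"), DEFAULT_PAGE_SIZE, "@page_size")
    index = _parse_count(params.get("@page_index"), 1, "@page_index")
    # A request above the limit is served as though the limit had been asked for.
    return min(size, max_page_size), index, size > max_page_size


def fetch_page(row_ids, query_string, max_page_size=MAX_PAGE_SIZE):
    """Slice an already-filtered list of row ids down to the requested page."""
    size, index, _ = effective_page(query_string, max_page_size)
    start = (index - 1) * size
    return row_ids[start:start + size]


if __name__ == "__main__":
    rows = list(range(1, 1001))  # constructed sample: 1000 issue ids
    print(effective_page("@page_size=100000"))
    print(len(fetch_page(rows, "@page_size=100000")))
    print(fetch_page(rows, "@page_size=10&@page_index=2"))
```

To bound database and memory cost as well as response size, the clamped size has to reach the backend query itself instead of being applied to a fully materialized result list as in this sketch.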
History
Date User Action Args
2024-02-12 20:32:28 rouilj create