我编写了以下 servlet,它将输入转换为大写:
public class TestServlet extends HttpServlet {
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
InputStream in=req.getInputStream();
OutputStream out=resp.getOutputStream();
byte array[]=new byte[1024];
int nReads;
while((nReads=in.read(array))!=-1)
{
for(int i=0;i<nReads;++i)
{
array[i]=(byte)Character.toUpperCase(array[i]);
}
out.write(array, 0, nReads);
}
out.flush();
out.close();
}
}
它工作正常:
echo "aaaaaaaaaaaaaaaaaaaaaaaaaaa" |\
curl -d @- "http://localhost:8080/app/test"
AAAAAAAAAAAAAAAAAAAAAAAAAAAl
部署这样的 servlet 是否安全?这种 servlet 的缺陷是什么?例如,如何防止用户永远阻止我的 servlet 实例:
cat | curl -d @- "http://localhost:8080/app/test/x"