0 Replies Latest reply: Dec 11, 2011 5:56 AM by Squall867

    Maximum token size

      Hi, in order to start a secure context there is a token exchange, right?
      A typical scenario is:
      token = new byte[inStream.readInt()];
      Now, I'd like to have a check for the entered token size before actually reading it, because an attacker could possibly enter a very big number and raise an out-of-heap-memory error in the JVM (I already tested it!).

      So, my question is: how can token length vary? Is there a maximum value beyond which I can state there's something wrong and not read incoming data at all?