Hi there, > > 2. have getline() read only 1000 characters instead of HUGE_STRING_LEN > > (file http_request.c: getline(l,HUGE_STRING_LEN/4,in,timeout) instead > > of getline(l,HUGE_STRING_LEN,in,timeout)) > > I don't see any obvious problems with it (then again, I'm no expert on > NCSA's code) but I'm curious: is there any rationale behind the magic > number 4 here, or is that an essentially arbitrary decision? it is an arbitrary decision to introduce some security in case I've missed something in the code of the HTTPD. I think it should be enough just to make HUGE_STRING_LEN and MAX_STRING_LEN have the same value. Maybe my approach was a bit paranoid. If you need URLs larger than 1000 chars you might want to increase the buffer sizes. These are pretty much arbitrary as well. Sorry for not saying so in the posting. Greetings, -Thomas -- Thomas Lopatic lopatic@informatik.uni-muenchen.de