sthagen/odata-url-parser

Are there general strategies to survive Gigabyte size query options?

Opened this issue · 0 comments

Given we do not assume anything about the content of an OData service using our parsers, is there still a way to help services to survive query option volume or recursion level attacks?

Offering an API that has an optional slot for acceptable field values, depth limits etc. can become quite unwieldy or irrelevant.

Maybe add these practical security risks to the sleeping Committee Note on OData security ... (@sthagen 😉)

We can always just document it and otherwise simply offer the grammar(s) and starting code bases for application developers ...
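One concrete shape such a "starting code base" could take, as an added illustration that is not part of this repository: a linear-time pre-parse guard that bounds total query size, per-option size, option count and parenthesis nesting depth before any grammar-based parser sees the input. All limit values, the helper names and the sample URLs are constructed for this example.

```python
from urllib.parse import parse_qsl, urlsplit

# Constructed limits; a service would tune these to its own schema.
MAX_QUERY_BYTES = 8192      # whole query string
MAX_OPTION_BYTES = 2048     # one $filter / $expand / ... value
MAX_OPTIONS = 16            # number of name=value pairs
MAX_NESTING_DEPTH = 8       # parenthesis depth in expression options
NESTED_OPTIONS = {"$filter", "$expand", "$select", "$orderby", "$search"}

def nesting_depth(text: str) -> int:
    """Deepest '(' nesting, ignoring parentheses inside single-quoted string
    literals ('' escapes a quote). Iterative, so the guard cannot recurse."""
    depth = max_depth = 0
    in_string = False
    for ch in text:
        if in_string:
            in_string = ch != "'"      # a doubled '' toggles twice, net unchanged
        elif ch == "'":
            in_string = True
        elif ch == "(":
            depth += 1
            max_depth = max(max_depth, depth)
        elif ch == ")":
            depth -= 1
    if depth != 0 or in_string:
        raise ValueError("unbalanced parentheses or unterminated string literal")
    return max_depth

def check_query_options(url: str) -> dict:
    """Return the query options as a dict, or raise ValueError with the reason."""
    query = urlsplit(url).query
    if len(query.encode("utf-8")) > MAX_QUERY_BYTES:
        raise ValueError("query string too long")
    # parse_qsl stops early and raises ValueError once max_num_fields is exceeded
    pairs = parse_qsl(query, keep_blank_values=True, max_num_fields=MAX_OPTIONS)
    for name, value in pairs:
        if len(value.encode("utf-8")) > MAX_OPTION_BYTES:
            raise ValueError(f"{name} too long")
        if name in NESTED_OPTIONS and nesting_depth(value) > MAX_NESTING_DEPTH:
            raise ValueError(f"{name} nested deeper than {MAX_NESTING_DEPTH}")
    return dict(pairs)

def reject_reason(url: str):
    """None if the URL passes the guard, otherwise the rejection message."""
    try:
        check_query_options(url)
        return None
    except ValueError as exc:
        return str(exc)
```

Because every check is a single pass over the bytes, the guard's own cost is bounded by the request size it admits, which is the property the real parser cannot promise on its own.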