From c5a40141fed70813df19b5ad0fcab574fa82f082 Mon Sep 17 00:00:00 2001
From: David Schwartz
Date: Wed, 21 Aug 2013 11:17:52 -0700
Subject: [PATCH] Don't let clients get tx history arbitrarily far back.
---
 modules/ripple_app/rpc/RPCHandler.cpp | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/modules/ripple_app/rpc/RPCHandler.cpp b/modules/ripple_app/rpc/RPCHandler.cpp
index d85d8c2903..ba5c10392d 100644
--- a/modules/ripple_app/rpc/RPCHandler.cpp
+++ b/modules/ripple_app/rpc/RPCHandler.cpp
@@ -1803,6 +1803,10 @@ Json::Value RPCHandler::doTxHistory (Json::Value params, LoadType* loadType, App
 return rpcError (rpcINVALID_PARAMS);
 unsigned int startIndex = params["start"].asUInt ();
+
+ if ((startIndex > 10000) && (mRole != ADMIN))
+ return rpcError (rpcNO_PERMISSION);
+
 Json::Value obj;
 Json::Value txs;
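Review bot: The new bound in doTxHistory compares `startIndex` against the bare literal `10000` with no comment on what the limit protects, so a later reader cannot tell whether the value is tied to the page size or to query cost. A named constant such as `static const unsigned int maxNonAdminTxHistoryStart = 10000;` with a comment like `// Non-admin clients may not page tx history past this start index.` would make the limit auditable. The check also runs after `params["start"].asUInt ()`, and the visible context shows no type or sign validation of `start` before that conversion. It is worth confirming above the hunk that a string, negative or fractional value is rejected with `rpcINVALID_PARAMS` rather than left to whatever the conversion does. Testing `mRole != ADMIN` rather than listing the restricted roles keeps the check fail-closed for any role added later; the function starts before and continues past this hunk.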