Publicly facing application: How to stop it from being overloaded

[Moritz]

Hey everyone, 

i would like to use protobuf for a publicly accessible application. As the general rule is to never trust the client, how 

can I make sure they(aka bad people) don't send a lot of "wrong" strings with maximum length (2^32) but no actual

string data following to spam the server? If I am right, the server will then try to allocate the required length(up to 2

GB) for the string and then fails to read it, leading to a huge impact on performance, maybe even the application

running out of memory.

It would be nice to be able to specify a max-length for strings, byte streams and lists in the .proto file in order to avoid

such problems.
Or isn't this a problem at all? Why?

Thank you very much,

Moritz