There is a bit of a debate going on, I was hoping the community could chime in...
What is a "reasonable limit" for the postSizeLimit and postParameterLimit settings (aka maximum number of form fields)? 100, 1,000, 10,000? On the one hand, we have a dynamic form with LOTS of fields. This is/was a business requirement, it grew over time, it hit the limit, again. Of course we could spend days/hours rewriting the code, or we can just up the limit and move on. (Yes, eventually it should get re-written, but that's not the point of this inquiry.) On the other hand, we have security. The security camp says, the lower the better. Is raising the limit from say 5,000 to 6,000 really going to hurt us from a security point of view? How? Why? I have looked around and seen many a blog post about the settings. However, I haven't see any information on what a good rule of thumb should be. Just where should we draw the line? How high is too high and why? Ready? Fight... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355192 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
