How many is too many post parameters?
We've had a few applications fail with the new postParametersLimit in CHF4 (the included Security Hotfix APSB12-06, http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html ) Even increasing postParametersLimit from 100 to 200 isn't enough -- one application uses 1006 post parameters ( !! ) So given that this is a denial of service attack prevention, how risky is it letting 1100 post parameters go through with every request? I'm figuring a real DoS attack would have a lot more than 1100 parameters, but setting post parameters for 11 times the security update value sounds like poor practice. thank you, Chris ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355281 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
