> So given that this is a denial of service attack prevention, how risky is > it letting 1100 post parameters go through with every request? I'm figuring > a real DoS attack would have a lot more than 1100 parameters, but setting > post parameters for 11 times the security update value sounds like poor > practice.
If you actually have forms that need that much data, I don't think allowing that value is a significant threat. After all, people could just run your actual form! You might want to reduce your form size for future revisions of your application, though. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:355284 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm