How dangerous is increasing PostParameterLimit in CFv9 ? We have increased from the default 100 to 1,100 to meet applications' needs. We are now requested to consider increasing it to 2,000. The developers are reviewing updating the design to use fewer PostParameters.
I don't have a good feel for how dangerous this could be. Comments? Tomcat, Microsoft, and Adobe seem to have quite different considerations of the danger, based on their default number of post parameters: ASP.net 1,000 Tomcat 10,000 ColdFusion 100 ColdFusion: ColdFusion Security Hotfix APSB12-06 http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html Understanding HashDos and postParameterLimit http://www.petefreitag.com/item/808.cfm HashDOS and ColdFusion http://www.petefreitag.com/item/801.cfm thank you, Chris ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357471 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm