--- Michal Migurski <[EMAIL PROTECTED]> wrote: > Anyone have any clue why this is the case? Is there a performance > reason that raw post data must be explicitly enabled, or is it more > of a protective measure for overly permissive beginner scripts?
If it was always enabled, it sure would make a DoS attack easy. I'd just send lots of huge POST requests to any PHP script on your server. Hope you have "migs and megs of memories," as Strong Bad would say. :-) Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming Fall 2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
