[nycphp-talk] Best way to handle LimitRequestBody $_REQUEST limitation
Phillip Powell
phillip.powell at adnet-sys.com
Tue Jun 22 11:58:58 EDT 2004
Ajai Khattri wrote:
> Phillip Powell wrote:
>
>> Allowances for .htaccess are, for now, only for error handling (although
>> I might allow for specialized .htaccess to free up LimitRequestBody
>> to unlimited per client request).
>>
>
> Just wanted to point out, there's a good reason Apache has a limit set
> by default - setting it to unlimited effectively opens up the web
> server for a denial of service attack by uploading massive files that
> tie up the server and fill up the disk...
>
That would be true if this were a public application. As it is set up,
it is meant to be in a privately accessible directory that only 1 or 2
people would be using; thus, the directory with the specially tailored
.htaccess file would only be vulnerable to 1 or 2 people. It would
stand to reason that if a denial-of-service attack were to occur, IAPW,
it would be easy to find out who did it.
Phil
--
---------------------------------------------------------------------------------
Phil Powell
Multimedia Programmer
BPX Technologies, Inc.
#: (703) 709-7218 x107
Fax: (703) 709-7219