Wednesday, December 31, 2014

PHP max_input_vars security expectations



Considering a site that handles large POST data, would it be unreasonable and dangerous to set the php.ini max_input_vars to something like 100000? I know this is a vector for DoS attacks, but don't other configurations such as post_max_size help to prevent that? Are there any ways to safeguard against hash collisions while still having max_input_vars set at a high value? Other considerations would be the effect on GET and cookies. Can someone please explain the consequences of this configuration and the exploits involved?




