Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New Coder
    Join Date
    Mar 2005
    Location
    greater manchester, uk
    Posts
    65
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Question Is there anything to limit the submission of dangerously large amounts of POST data?

    Hey!


    Something tells me that I should already know the answer to this, but:


    I'm used to validating the lengths of string variables (e.g. in PHP) before the contents are sent into character fields in a database, but I was wondering whether there was anything to stop an unscrupulous person from submitting a huge amount of post data so that it caused the overflow of a PHP variable (when the data was received by the web server).

    I know that string variables / variants in most server-side scripting languages will store far more character data than can be sent via the HTTP GET method, but isn't it possible to send really large objects using the POST method?

    I've no doubt I'm missing some fairly fundamental information here, but if anyone could provide me with an explanation then that would be very helpful.



    Thanks!

  • #2
    New Coder
    Join Date
    May 2009
    Posts
    55
    Thanks
    1
    Thanked 4 Times in 4 Posts
    Actually i tested this and it seems that once the php memory limit is reached, the suspicious script just gets killed.

    Not allowing post data is not really what php does i guess because a file is also sent through post requests. However, i think there is a limit on get requests.

  • Users who have thanked hthought for this post:

    MattyJim (10-01-2009)

  • #3
    New Coder
    Join Date
    Mar 2005
    Location
    greater manchester, uk
    Posts
    65
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Smile Thanks!

    Thanks, hthought!

    I kind of assumed that there'd be something to prevent problems, as I've never seen this issue raised anywhere else.

    Looks as though PHP has some sort of inbuilt protection, and so I'm guessing that other modern Web languages do too.



    Thanks again for your help!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •