
Limit for queries shouldn't be set by the user #184

Open
echox opened this issue Aug 15, 2016 · 1 comment


echox commented Aug 15, 2016

When paging content, the user can define the limit for the SQL query. This is a possible DoS vector, since a very small request can produce queries with really large results on the server, for example dumping the whole database (`updates?offset=25&limit=99999`).
The maximum limit should be configurable and use a sane default.

mvitz added a commit to mvitz/statuses that referenced this issue Aug 16, 2016
If a limit greater than 100 is used the user is redirected to the same
page with a limit of 100.

Relates to innoq#184

mvitz commented Aug 16, 2016

Can you check #185 and merge it if this fix is acceptable for you? ;-)
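
A server-side sketch of the behaviour discussed in this thread (a configurable maximum with a default of 100, and a redirect to the same page when the requested limit exceeds it). This is an added example, not code from the statuses project or from #185; the function names, the `/updates` path and the default page size of 25 are assumptions.

```python
from urllib.parse import parse_qs, urlencode

DEFAULT_LIMIT = 25  # assumed page size when no usable limit is supplied
MAX_LIMIT = 100     # cap named in the referenced commit message


def _to_int(values, fallback, minimum):
    """Return the first value as an int >= minimum, else the fallback."""
    try:
        n = int(values[0])
    except (IndexError, ValueError):
        # Missing, non-numeric or absurdly long digit strings all land here.
        return fallback
    return n if n >= minimum else fallback


def resolve_paging(path, query_string, max_limit=MAX_LIMIT):
    """Decide how to serve a paged request.

    Returns ("redirect", url) when the requested limit exceeds max_limit,
    otherwise ("query", offset, limit) with integers that are safe to hand
    to the SQL layer as bound parameters.
    """
    params = parse_qs(query_string)
    offset = _to_int(params.get("offset", []), fallback=0, minimum=0)
    limit = _to_int(params.get("limit", []), fallback=DEFAULT_LIMIT, minimum=1)

    if limit > max_limit:
        # Same page, capped limit: the client sees the limit actually applied.
        capped = urlencode({"offset": offset, "limit": max_limit})
        return ("redirect", f"{path}?{capped}")
    return ("query", offset, limit)


if __name__ == "__main__":
    # Constructed sample requests, including the one from the issue text.
    for qs in ("offset=25&limit=99999", "offset=25&limit=100", "limit=-5&offset=abc"):
        print(qs, "->", resolve_paging("/updates", qs))
```

The cap is enforced before any query is built, so the database never sees a limit above `max_limit` regardless of what the client sends.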
