edrthomas
commented
7 years ago Addressed in Security TF call 16-11-09
As mentioned in minutes, see accepted resolution for this issue.
Note on 6.2 Query string length added in TAC 1.0
Open sandersaares opened 7 years ago
edrthomas
commented
7 years ago Addressed in Security TF call 16-11-09
As mentioned in minutes, see accepted resolution for this issue.
Note on 6.2 Query string length added in TAC 1.0
Web servers have size limits on the number of data that can be present in the request headers (including query string). Including large base64-encoded data blocks into the query string may pose scalability problems with some web servers.
If use of query string parameters is unavoidable, this danger should be explicitly mentioned in TAC and recommendations made to minimize its negative impact.