When paging content, the user can set the limit used in the SQL query. This is a possible DoS vector: a very small request can produce a query with a very large result set on the server, up to dumping the whole table (updates?offset=25&limit=99999).
The maximum limit should be configurable and use a sane default.
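The following is an added illustration of the fix proposed above, not code from the project the issue is filed against: it places the reported behaviour (the client-supplied limit goes straight into the query) beside a version that clamps the limit to a configurable maximum with a sane default. The table name "updates", the default and maximum values, and the in-memory sample rows are assumptions made for the example.

```python
# Added example (not the project's code): clamp a user-supplied page size
# before it reaches the SQL query. The table name "updates", the default and
# maximum limits, and the sample rows are constructed assumptions.
import sqlite3
from urllib.parse import parse_qs

DEFAULT_LIMIT = 25    # used when the client sends no (or an unusable) limit
MAX_LIMIT = 100       # hard ceiling; would be read from configuration in practice


def parse_paging(query_string, default_limit=DEFAULT_LIMIT, max_limit=MAX_LIMIT):
    """Return (offset, limit) from a query string such as 'offset=25&limit=99999'.

    Non-numeric, negative or zero values fall back to the defaults; the limit
    is clamped to max_limit, so a single request can never select the whole table.
    """
    params = parse_qs(query_string)

    def first_int(name, fallback, minimum):
        raw = params.get(name, [None])[0]
        try:
            value = int(raw)
        except (TypeError, ValueError):
            return fallback
        return value if value >= minimum else fallback

    offset = first_int("offset", 0, minimum=0)
    limit = first_int("limit", default_limit, minimum=1)
    return offset, min(limit, max_limit)


def fetch_updates_unbounded(conn, query_string):
    """The reported behaviour: the client-supplied limit is used as-is."""
    params = parse_qs(query_string)
    offset = int(params.get("offset", ["0"])[0])
    limit = int(params.get("limit", [str(DEFAULT_LIMIT)])[0])
    return conn.execute(
        "SELECT id FROM updates ORDER BY id LIMIT ? OFFSET ?", (limit, offset)
    ).fetchall()


def fetch_updates(conn, query_string):
    """Hardened version: the limit is validated and clamped before querying."""
    offset, limit = parse_paging(query_string)
    return conn.execute(
        "SELECT id FROM updates ORDER BY id LIMIT ? OFFSET ?", (limit, offset)
    ).fetchall()


def demo_db(rows=1000):
    """Constructed in-memory table standing in for the real 'updates' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE updates (id INTEGER PRIMARY KEY)")
    conn.executemany("INSERT INTO updates (id) VALUES (?)",
                     [(i,) for i in range(1, rows + 1)])
    return conn


if __name__ == "__main__":
    conn = demo_db()
    qs = "offset=25&limit=99999"
    # Unbounded: returns every row after the offset (975 of the 1000 sample rows).
    print("unbounded rows:", len(fetch_updates_unbounded(conn, qs)))
    # Clamped: at most MAX_LIMIT rows regardless of what the client asked for.
    print("clamped rows:  ", len(fetch_updates(conn, qs)))
```

Clamping silently (rather than rejecting the request) keeps existing clients working; a response header or field reporting the effective limit lets well-behaved clients page correctly instead of assuming they received everything.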