innoq / statuses

Apache License 2.0

Limit for queries shouldn't be set by the user #184

Open echox opened 7 years ago

echox commented 7 years ago

When paging content, the user can define the limit for the SQL query. This is a possible DoS vector, since a very small request can produce queries with really large results on the server, for example dumping the whole database (updates?offset=25&limit=99999). The maximum limit should be configurable and use a sane default.
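One way to implement the mitigation the issue asks for, shown here as an added illustration rather than code from the statuses project: the client-supplied `limit` is parsed defensively and clamped to a server-side maximum with a sane default, so a request like `updates?offset=25&limit=99999` is served as a bounded page. The function name and the constants `DEFAULT_LIMIT` and `MAX_LIMIT` are assumptions for the example.

```python
from urllib.parse import parse_qs

# Constructed defaults: the issue asks for a configurable maximum with a sane
# default; these numbers are assumptions, not values from the project.
DEFAULT_LIMIT = 25
MAX_LIMIT = 100


def parse_paging(query: str, default_limit: int = DEFAULT_LIMIT,
                 max_limit: int = MAX_LIMIT) -> tuple[int, int]:
    """Return (offset, limit) for a paging query string such as
    'offset=25&limit=99999', never trusting the client-supplied limit."""
    params = parse_qs(query.lstrip("?"), keep_blank_values=True)

    def read_int(name: str, fallback: int) -> int:
        raw = params.get(name, [""])[0].strip()
        if not raw:
            return fallback
        try:
            return int(raw)
        except ValueError:
            # Garbage such as limit=abc falls back to the default instead of
            # surfacing as a server error.
            return fallback

    # Negative offsets make no sense for paging; treat them as 0.
    offset = max(read_int("offset", 0), 0)

    limit = read_int("limit", default_limit)
    if limit < 1:
        limit = default_limit

    # The server-side ceiling is what closes the DoS vector: a request for
    # 99999 rows is answered with at most max_limit rows.
    return offset, min(limit, max_limit)
```

The `max_limit` parameter is the knob an operator would wire to configuration; the offset bound and the clamped limit are then the only values that reach the SQL query.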

mvitz commented 7 years ago

Can you check #185 and merge it if this fix is acceptable for you? ;-)