Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:118600 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 75904 invoked from network); 10 Sep 2022 14:23:35 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 10 Sep 2022 14:23:35 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id ABA7E1804C4 for ; Sat, 10 Sep 2022 07:23:34 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-wr1-f53.google.com (mail-wr1-f53.google.com [209.85.221.53]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Sat, 10 Sep 2022 07:23:34 -0700 (PDT) Received: by mail-wr1-f53.google.com with SMTP id o25so7818341wrf.9 for ; Sat, 10 Sep 2022 07:23:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=dXxZ9g7aZ+rPJDhPNLqiJ/JWAzs36JUUMrI9xv1GrYs=; b=psmG9rIGvyw9z/81DThGRTRjZr8azhkgQJzjjA+15ma2D0MP1LY7pX3aQ0217WtWWx YHOUVPQqkVzpSNpOhIYHB4BMmX1JyWmHm6W/T5r47qny95xb798qCSZqUfb1jwrGR0tZ 9uxkqWGgkyGA4v0zfhnWECsXnUzlkp/qV6ryAXt6qnqT16oBTDLy8k4OmXrSjHdsqdWG yu+cvKoYICNcDc48flOI/ORKghrNwxBvg0Iuu2h78r37bX0Xnq5T4zLQOYXluotxT3dR /AgYAxumN0EZJjS3BILucCBTabrxBpmmIVE+d867d/bjqMOQv1xkW0o++DLL0dHZiXaF IKVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=dXxZ9g7aZ+rPJDhPNLqiJ/JWAzs36JUUMrI9xv1GrYs=; b=mJ+Y+cecAJjhF7Amg86ySHu8Vp1/qexovAJaube7Lxj5POv2mY9hJD0Fec2P0rTS5u pAW/WSiXZmKhSjatKlJaucZIsqnsSpAg81Fa43razdBAcjsY0ONJpdmEzHbYb0OfxkO8 Rn4tx3pdyci/fexzXs+SJxAPl5wK5UhOFtdazkNIYqdxf8U2szN+03JFm3sJuVtBruAi BAi1OlePvGNqYCHmuUAR5CPJ+6KWmoxx8BXLNb31a43lLbLvQBqOl1hp6ivp8w9Rxm1+ xF7lsQ/WYiogaHVfaFQDHRchfIjuN6/5I0+2tqdHhFik+ORDg2CuiBnVmbABz8fAlhAL vPVg== X-Gm-Message-State: ACgBeo1tzQN+KotZ9oaFfqxdIo3OekN1UHrle0LftXpAhbAWIV1mYpQd /1jyfuSzgcDdf5zLa2IujdCNFQJOipY0OKIEsXY= X-Google-Smtp-Source: AA6agR6dGsA5EK4hJhYeMRHXDdHD1++Knam33og1jrhkMlF3IoP/HUJY+Tcw9Qwmpb8qjw3KBMlwntrNlc8Zn8SIEEw= X-Received: by 2002:a5d:6504:0:b0:228:c94b:a5bb with SMTP id x4-20020a5d6504000000b00228c94ba5bbmr10226415wru.623.1662819812946; Sat, 10 Sep 2022 07:23:32 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Date: Sat, 10 Sep 2022 15:23:21 +0100 Message-ID: To: juan carlos morales Cc: Peter Kokot , Yasuo Ohgaki , Misha , internals@lists.php.net Content-Type: multipart/alternative; boundary="00000000000046b92d05e85368d9" Subject: Re: [PHP-DEV] Increase maximum size of an uploaded file to 50Mbyte From: davidgebler@gmail.com (David Gebler) --00000000000046b92d05e85368d9 Content-Type: text/plain; charset="UTF-8" On Sat, Sep 10, 2022 at 3:05 PM juan carlos morales < dev.juan.morales@gmail.com> wrote: > I also agree that increasing the size to something bigger than 8M > might not be a good idea; I can imagine that a value bigger than 8M > (like 50M) will cause an impact in hosting platforms specially, which > will be forced to always change the php's default values to a lower > one, because of potential DoS Attacks. > > Default settings should have a reasonable level of security in mind. > Do these settings actually have any impact in respect of DoS attacks? As far as I'm aware, neither post_max_size nor upload_max_filesize do anything to prevent or terminate processes where the client sends data exceeding these limits, that's something you should handle in your webserver. --00000000000046b92d05e85368d9--