From 5a544d0d7a549a68b85e8410ecdc390b30390dd9 Mon Sep 17 00:00:00 2001
From: christopherm
Date: Thu, 14 Aug 2008 17:31:44 +0000
Subject: CONTENT_LENGTH is a user supplied variable. Without any checks for size, one could easily DoS the machine with very large POSTS. Commiting changes made to /trunk/ in /branches/1.2/
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/branches/1.2@2265 4979c152-3d1c-0410-bac9-87ea11338e46
---
 ledgersmb.conf.default | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'ledgersmb.conf.default')
diff --git a/ledgersmb.conf.default b/ledgersmb.conf.default
index 6b45ce44..482f7f65 100644
--- a/ledgersmb.conf.default
+++ b/ledgersmb.conf.default
@@ -10,6 +10,9 @@ latex : 1
 # Maximum number of invoices that can be printed on a cheque
 check_max_invoices : 5
 
+# Maximum POST size to prevent DoS (4MB default)
+max_post_size : 4194304
+
 [environment]
 # If the server can't find applications, append to the path
 PATH: /usr/local/pgsql/bin
-- 
cgit v1.2.3
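Review bot: The new `max_post_size` key only protects anything if the code that reads CONTENT_LENGTH falls back to a safe default when the key is absent, and that code is not part of this patch (the diffstat lists only ledgersmb.conf.default). Installations that keep an existing ledgersmb.conf will not have the key, so it is worth confirming that an undefined, empty or non-numeric value is not treated as "no limit" and that the comparison happens before the request body is read. The comment could also state the unit and what the value is compared with, e.g. `# Maximum POST body size in bytes, compared against CONTENT_LENGTH (4194304 = 4 MB)`. A request-body limit at the web server (for Apache, `LimitRequestBody`) is a useful second layer, since the application-level check only runs once the request has already reached the script.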