|
|
|
|
|
|
by larusso
33 days ago
|
|
|
> there is no security benefit to filtering out unneeded url parameters. What about passing extra data to fill the server memory with either extra known junk or a script / executable to use with a zero day in an internal component or something. To misuse the nightclub analogy: it’s like checking for bags not being larger than A4 and disallow knives and other weapons. |
|
|