|
|
|
|
|
|
by jbrechtel
4824 days ago
|
|
|
For the application code to complain about password length then the 4gb upload has to have already occurred. Protecting against a DoS attack this way is done in the webserver, which doesn't care about individual fields. Sure this means there's an implicit password length limit, but not in any application-level sense. |
|
|