Hi!
From the comments by Laruence it seems that he thinks that we only need to limit post, as get and cookie has external limits.
I don't think it's a big problem if we limit all of them. It's not like anybody needs a million cookies in their http request.
And I guess at least the information disclosure part would be needed here also ( https://twitter.com/#!/i0n1c/status/152356767601393665 )
Could you please elaborate on that part - where is the disclosure and what exactly is being disclosed?
-- Stanislav Malyshev, Software Architect SugarCRM: http://www.sugarcrm.com/ (408)454-6900 ext. 227 -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php