added note on another memory attack

commit 8a8d71217b946311aa9da97aee5f68cb06e0eeba 1 parent ca0cc94
AJ ONeal authored
Showing with 4 additions and 3 deletions.
  1. +4 −3 README.md
7 README.md
@@ -246,9 +246,10 @@ The downside to this solution is that it requires parsing field names.
The following are abbreviated security concerns for a form handler with generous and reasonable defaults
* `error` - abstract `req.on('error')` and `poorForm.on('error', fn)` as to handle malformed requests
- * `maxFieldHeaderSize` - default 256 Bytes - prevent memory attacks
- * `maxFieldNames` - default 1000 - prevent hash collision attacks
- * `maxFieldValueSize` - default 4KB - prevent memory attacks
+ * `maxHeaderSize` - default 256 Bytes - prevent memory attacks
+ * `maxUniqueFieldNames` - default 1000 - prevent hash collision attacks
+ * `maxFieldSize` - default 4KB - prevent memory attacks
+ * `maxFieldTotalSize` - default 1MB - prevent memory attacks
* `maxFileSize` - default 4 GiB - prevent storage attacks
* `maxUploadSize` - default 16 GiB - prevent memory / storage attacks
* `removeIncomplete` - default true - ignore unless creating a resumable upload service
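Review bot: The added `maxFieldTotalSize` line (default 1MB) carries the same "prevent memory attacks" text as the per-field limits and does not say how it relates to them. With the defaults shown, `maxUniqueFieldNames` 1000 times `maxFieldSize` 4KB comes to roughly 4MB, so the 1MB total is the limit that actually binds; the README should state that the total covers the sum of all field values and say what the handler does when it is exceeded. Because the renamed `maxUniqueFieldNames` counts only unique names, it would also help to say whether repeated field names are bounded by `maxFieldTotalSize` alone. The three renames (`maxFieldHeaderSize` to `maxHeaderSize`, `maxFieldNames` to `maxUniqueFieldNames`, `maxFieldValueSize` to `maxFieldSize`) drop the old names without mention; if anything already refers to them, list the old names once. Units in this list are mixed (`4KB` and `1MB` beside `4 GiB` and `16 GiB`); use one spelling and make clear whether KB/MB mean powers of 1000 or 1024.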