locked
maxQueryStringLength drawbacks RRS feed

  • Question

  • User1524124084 posted

    Hi,

    Is there any drawback of increasing maxQueryStringLength in ASP.NET? if yes, what is the optimum value that can be set?

    Thanks,

    Amol.

    Monday, January 28, 2013 10:36 PM

Answers

  • User-30361504 posted

    Amol_India

    Thanks,

    As mentioned there is provision to increase the max querylength in httpruntime of web.config. I have set it to 10000 characters default being 2048. I need to know whether there is any disadvantage of increasing this limit.

     

    I guess there is a potential DOS vulnerability but that depends on how you actually handle the request. hmmm I can't see any other security flaws unless somehow putting something longer on the query string besides a browser limit can be harmful. Do browser max length query strings take precedence over this value is another question I don't have the answer to. Thanks for asking though, maybe someone on here can shed more light on this. Wink

    more info :: http://www.element-it.com/onlinehelp/webconfig.html

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, February 8, 2013 2:00 AM

All replies

  • User-30361504 posted

    query string

    Advantages: 

    a. Supported by all the browsers 
    b. can be useful for executing database queries without needing textboxes 
    and button for entring the input and submitting 
    c. Easy to use. 

    Disadvantages: 
    a. All the information in querystring is visible to user not secure. 
    b. limited to URL length of 255 characters.


    if u have a large data my suggestion is go ahead with cross page posting or session

    how cross page posting can apply is write the content in a hidden field  and access it from page 2

    chk out :: http://simplyasp.blogspot.in/2011/02/getting-value-from-previous-page-or.html

    Monday, January 28, 2013 11:25 PM
  • User1524124084 posted

    Hi arunoyour,

    Thanks for your reply.

    As you suggested, we will not be able to use hidden fields or session variables, as the request is to wcf service through JavaScript (ExtJS Ajax). Therefore, it has to come through querystring. Also, as per documentation, it is currently allowing 2048 characters through querystring. However, the requirement demands more. So, we need to set maxQueryStringLength in web.config to higher value so that we can send more bigger querystring through request. Therefore, we need to evaluate whether there is any drawback of increasing this setting.

    Thanks,

    Amol.

    Tuesday, January 29, 2013 12:55 AM
  • User-30361504 posted

    ok try ajax post method then using json format because it light weighted its fast.

    chk out :: http://www.c-sharpcorner.com/uploadfile/b19d5a/inserting-and-fetching-data-using-wcf-rest-service-and-jquery-in-Asp-Net-mvc-2/

    here also as u metioned . u need to increase the datacount in webconfig. 

    Tuesday, January 29, 2013 1:51 AM
  • User1524124084 posted

    Thanks,

    As mentioned there is provision to increase the max querylength in httpruntime of web.config. I have set it to 10000 characters default being 2048. I need to know whether there is any disadvantage of increasing this limit.

     

    Thursday, February 7, 2013 9:04 PM
  • User-30361504 posted

    Amol_India

    Thanks,

    As mentioned there is provision to increase the max querylength in httpruntime of web.config. I have set it to 10000 characters default being 2048. I need to know whether there is any disadvantage of increasing this limit.

     

    I guess there is a potential DOS vulnerability but that depends on how you actually handle the request. hmmm I can't see any other security flaws unless somehow putting something longer on the query string besides a browser limit can be harmful. Do browser max length query strings take precedence over this value is another question I don't have the answer to. Thanks for asking though, maybe someone on here can shed more light on this. Wink

    more info :: http://www.element-it.com/onlinehelp/webconfig.html

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, February 8, 2013 2:00 AM
  • User1524124084 posted

    Amol_India

    Thanks,

    As mentioned there is provision to increase the max querylength in httpruntime of web.config. I have set it to 10000 characters default being 2048. I need to know whether there is any disadvantage of increasing this limit.

     

    I guess there is a potential DOS vulnerability but that depends on how you actually handle the request. hmmm I can't see any other security flaws unless somehow putting something longer on the query string besides a browser limit can be harmful. Do browser max length query strings take precedence over this value is another question I don't have the answer to. Thanks for asking though, maybe someone on here can shed more light on this. Wink

    more info :: http://www.element-it.com/onlinehelp/webconfig.html

    Thanks for your views.

    Tuesday, February 12, 2013 9:55 PM