maxQueryStringLength drawbacks

Question

User1524124084 posted

Hi,

Is there any drawback of increasing maxQueryStringLength in ASP.NET? if yes, what is the optimum value that can be set?

Thanks,

Amol.

Answer 1

User-30361504 posted

query string

Advantages: 

a. Supported by all the browsers 
b. can be useful for executing database queries without needing textboxes 
and button for entring the input and submitting 
c. Easy to use. 

Disadvantages: 
a. All the information in querystring is visible to user not secure. 
b. limited to URL length of 255 characters.

if u have a large data my suggestion is go ahead with cross page posting or session

how cross page posting can apply is write the content in a hidden field  and access it from page 2

chk out :: http://simplyasp.blogspot.in/2011/02/getting-value-from-previous-page-or.html

Answer 2

User1524124084 posted

Hi arunoyour,

Thanks for your reply.

As you suggested, we will not be able to use hidden fields or session variables, as the request is to wcf service through JavaScript (ExtJS Ajax). Therefore, it has to come through querystring. Also, as per documentation, it is currently allowing 2048 characters through querystring. However, the requirement demands more. So, we need to set maxQueryStringLength in web.config to higher value so that we can send more bigger querystring through request. Therefore, we need to evaluate whether there is any drawback of increasing this setting.

Thanks,

Amol.

Answer 3

User-30361504 posted

ok try ajax post method then using json format because it light weighted its fast.

chk out :: http://www.c-sharpcorner.com/uploadfile/b19d5a/inserting-and-fetching-data-using-wcf-rest-service-and-jquery-in-Asp-Net-mvc-2/

here also as u metioned . u need to increase the datacount in webconfig. 

Answer 4

User1524124084 posted

Thanks,

As mentioned there is provision to increase the max querylength in httpruntime of web.config. I have set it to 10000 characters default being 2048. I need to know whether there is any disadvantage of increasing this limit.

 

Answer 5

User-30361504 posted

Amol_India

Thanks,

As mentioned there is provision to increase the max querylength in httpruntime of web.config. I have set it to 10000 characters default being 2048. I need to know whether there is any disadvantage of increasing this limit.

 

I guess there is a potential DOS vulnerability but that depends on how you actually handle the request. hmmm I can't see any other security flaws unless somehow putting something longer on the query string besides a browser limit can be harmful. Do browser max length query strings take precedence over this value is another question I don't have the answer to. Thanks for asking though, maybe someone on here can shed more light on this. 

more info :: http://www.element-it.com/onlinehelp/webconfig.html

Answer 6

User1524124084 posted

Amol_India

Thanks,

As mentioned there is provision to increase the max querylength in httpruntime of web.config. I have set it to 10000 characters default being 2048. I need to know whether there is any disadvantage of increasing this limit.

 

I guess there is a potential DOS vulnerability but that depends on how you actually handle the request. hmmm I can't see any other security flaws unless somehow putting something longer on the query string besides a browser limit can be harmful. Do browser max length query strings take precedence over this value is another question I don't have the answer to. Thanks for asking though, maybe someone on here can shed more light on this. 

more info :: http://www.element-it.com/onlinehelp/webconfig.html

Thanks for your views.