
PHP.INI PHP_MAX_UPLOAD, etc.

Posted: Fri Jun 01, 2007 11:04 pm
by seodevhead
Hey guys...

I have a lot of forms on my site that allow file uploads, be it pictures, PDF documents, etc. I want to allow up to 100 MB uploads per form submission, and thus far have been altering .htaccess files on a per-dir context to allow up to 100 MB with the PHP.INI configuration parameters such as PHP_MAX_UPLOAD, etc. (I think these are the params).

Anyways... would you guys see any problem in me just altering the global php.ini and allowing the max post size and upload size to be 100 MB? Would 100 MB max size globally be opening me up to trouble from a security standpoint? Or am I way too paranoid? I think my current php.ini has the max post size at like 2 MB... which is way too small.

Any opinions I'd love to hear. Thanks.

Posted: Fri Jun 01, 2007 11:49 pm
by feyd
If someone wanted to severely affect your server they need only upload several hundred megabyte files to it then. With the limit set in most locations to a small size, it's a bit (although only slightly) more difficult to exploit.
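
The layout discussed above (a small limit in most locations, a larger one only where uploads are handled), as an added configuration example that is not part of the original thread. It assumes PHP runs as an Apache module (mod_php) and that the directory has `AllowOverride All`; the path in the comment is hypothetical.

```apache
# Global php.ini stays at PHP's stock limits, so every script that does not
# need large uploads rejects oversized requests:
#
#   upload_max_filesize = 2M
#   post_max_size       = 8M
#
# .htaccess placed only in the directory holding the upload handler
# (hypothetical path: /var/www/example/uploads/.htaccess).

# Largest single file PHP will accept in this directory.
php_value upload_max_filesize 100M

# Whole request body; kept larger than upload_max_filesize so the other
# form fields and the multipart overhead fit alongside the file.
php_value post_max_size 105M

# Apache-side cap on the request body, in bytes (105 MiB).
LimitRequestBody 110100480
```

Both PHP directives can be changed per directory, which is why they work from .htaccess; under CGI or FPM setups `php_value` is not available and the override has to be made another way.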