1 Jan 07, 2015 13:59
After I used the Free HTML widget, http://forums.b2evolution.net/user-defined-posts-per-page , I realised it is possible to request 1000's of posts via a URL. This could be an unreasonable demand on sever load which can be used maliciously.
Can we set, via the back office, a maximum number of posts to be served, or am I worrying about nothing ? Does it matter if someone or hundreds of people type http://forums.b2evolution.net/?disp=posts&posts=100 or 1000000 as a url