From 4daba3daa3b655c73c76f6007237b6313ad8f1bb Mon Sep 17 00:00:00 2001 From: Camilo Nova Date: Sat, 10 May 2014 12:38:04 -0500 Subject: [PATCH] Limit the length of the values logged into the database. Refs #73 --- axes/decorators.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/axes/decorators.py b/axes/decorators.py index 110e579..f876452 100644 --- a/axes/decorators.py +++ b/axes/decorators.py @@ -85,11 +85,13 @@ def query2str(items): If there's a field called "password" it will be excluded from the output. """ + # Limit the length of the value to avoid a DoS attack + value_maxlimit = 256 kvs = [] for k, v in items: if k != 'password': - kvs.append(six.u('%s=%s') % (k, v)) + kvs.append(six.u('%s=%s') % (k, v[:256])) return '\n'.join(kvs)
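Review bot: The new `value_maxlimit = 256` is never read, because the slice on the added `kvs.append` line hard-codes `256` again and the two can drift apart; use `kvs.append(six.u('%s=%s') % (k, v[:value_maxlimit]))`. The cap also covers only each value, so the key `k` and the number of pairs stay unbounded and a request with many parameters or very long parameter names can still produce an arbitrarily large log entry; truncating `k` as well and capping the joined result would close that gap. `v[:256]` also assumes every value is sliceable text, so if any caller passes other types, `six.text_type(v)[:value_maxlimit]` would be safer (to be confirmed against the callers, which are not visible here). The signature of query2str and the start of its docstring lie outside the hunk.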