Hello I have 15000 data and set Maxrecord to 10
I am using the OnPaginationNavigate Client action to turn the page.
At this time, Refresh Data is performed, and I found out that MaxRecords can be manipulated using the Burp suite.
It seems that DDos attack on the server is possible by changing the number of records to 15000 with a malicious attack. Is there a way to refresh the data in ServerAction? Or if there is any other solution, please suggest
Burp Stuie
Infinite loading of lists
Hi Mincheol,
It seems to me there's easier ways to DDos than to manipulate the MaxRecords. Also note that specifying a MaxRecords does not guarantee that the database doesn't need to fetch all records anyway, depending on the query (especially when sorting, you might need everything). So I doubt this is a serious threat.
As for your second question, if you wrap your query inside a Data Action, you should be able to avoid this. However, I don't think it's worth the trouble!