Increase Post_Max_Size Security Risks?

I need to increase the maximum upload size to 50MB. In the php.ini file, I changed the `upload_max_filesize` from 8M to 50M but that didn't fix the problem. I'm still getting the following error:

Error File is too large. Max uploading size is 8M

I assume I have to modify the `post_max_size` from 8M to 50M but I was told by the server administrator that increasing the `post_max_size` can be a security risk.

Does increasing `post_max_size` create a security risk? If so, can I increase the upload limit without increasing the `post_max_size`?


It can be a risk for a conscious attack. I.e. flooding your server with extremely large post requests.

But if you need large data, then you have no other choice.

Since the data is posted, you will bump up against that limit.

Thanks for the response. Can the software be coded to only use `upload_max_filesize` and NOT use `post_max_size`? Essentially uploading files using an upload function and not a POST function.

Does that make sense?

Doesn't make sense to me. The data would always be POSTed unless you uploaded a file to the server and then modified things to reference that file versus uploading it through HTTP.

Many people change the default PHP parameters to account for the extenuating needs. I don't think it's any more of a security risk than the current limits unless you don't have the physical memory to back it up.