Vulnerability in EPiServer.Forms
I had an issue with my client because some of the Sizes configured are not returning from BusinessManager.List. After some investigation, I found using the SQL Server Profile the queries are executed with TOP 1000.
My client in this moment has 1117 different sizes.
exec sp_executesql N'SELECT TOP 1000 [t01].[SizeId] AS [SizeId], [t01].[SizeName] AS [SizeName], [t01].[SizeCode] AS [SizeCode]
FROM [cls_Size] AS [t01]'
I developed a solution to get the information from this table.
Can I consider this an EpiServer issue?
There is a solution or path to fix this issue?
By default there is a limitation of 1000 BF entities being returned. You can change that value in Configs\baf.data.metaobject.config, change maxListObject to a bigger value. Note that a too big value can affect performance.
The value is an int so you can theoretically have up to more than 2 billion. However as I said, too big number can severely affect performance. You have to test for your website