Saturday, August 28, 2010

Re: potential issue re in memory django file uploading.

On 29 August 2010 08:28, Steve Holden <holdenweb@gmail.com> wrote:
> On 8/28/2010 6:10 PM, Graham Dumpleton wrote:
>> On Aug 28, 11:21 pm, dave b <db.pub.m...@gmail.com> wrote:
>>>>>> So obviously my proposed attack is to simply say "content length is
>>>>>> tiny" and "this file is actually HUGE".
> [...]
>> All up, I would suggest you are getting worked up over nothing.
> +1
>

Yes I have :) It "works for me tm".
Also, you have to consider the other problem. If the file is > 2.5 mb
it can be put in /tmp and this has no size limits which again is going
to make the system slower and can be used to attack it? In either case
there seem to be real protections against this in Django core as far
as I can see.

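Added example, not part of the thread and not Django's own code: a standard-library sketch of the concern raised above, where a body is held in memory up to 2.5 MB, spills to a temp file beyond that, and is capped by counting the bytes actually read instead of trusting the declared Content-Length. `receive_upload`, `UploadTooLarge` and the 10 MB `MAX_UPLOAD_BYTES` cap are assumptions chosen for illustration.

```python
import tempfile

MEMORY_THRESHOLD = 2621440           # 2.5 MB: the in-memory limit discussed in the thread
MAX_UPLOAD_BYTES = 10 * 1024 * 1024  # assumed hard cap; choose per application
CHUNK_SIZE = 64 * 1024


class UploadTooLarge(Exception):
    """Raised when the body exceeds the cap, whatever the header claimed."""


def receive_upload(stream, declared_length, max_bytes=MAX_UPLOAD_BYTES,
                   memory_threshold=MEMORY_THRESHOLD):
    """Spool a request body while counting the bytes actually received.

    Returns (spool, received, on_disk). The declared length is used only
    for early rejection and is never treated as proof of the real size.
    """
    if declared_length is not None and declared_length > max_bytes:
        raise UploadTooLarge("declared length %d exceeds cap" % declared_length)

    # Stays in memory until more than memory_threshold bytes are written,
    # then rolls over to a temporary file on disk.
    spool = tempfile.SpooledTemporaryFile(max_size=memory_threshold)
    received = 0
    try:
        while True:
            chunk = stream.read(CHUNK_SIZE)
            if not chunk:
                break
            received += len(chunk)
            if received > max_bytes:
                # Stop before writing: disk use never exceeds max_bytes.
                raise UploadTooLarge("body exceeded %d bytes" % max_bytes)
            spool.write(chunk)
    except Exception:
        spool.close()  # releases the memory buffer or deletes the temp file
        raise
    spool.seek(0)
    return spool, received, received > memory_threshold
```

The cap bounds a single upload; temp-directory exhaustion from many concurrent uploads still needs a filesystem quota or a front-end request body limit.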
