Thread: file upload = simple DoS possibility

file upload = simple DoS possibility
user name
2006-08-29 10:58:45
Hi all.

Is there any way to control the upload process (max file size,
etc.)? Great framework, but file upload can cause DoS.

For example:

from django.db import models
from django.contrib.auth.models import User

class Account(models.Model):
    user = models.OneToOneField(User)
    birthday = models.DateField(blank=True, null=True)
    icq = models.IntegerField(blank=True, null=True)
    website = models.URLField(blank=True, null=True)
    resume = models.TextField(blank=True, null=True)
    # PhotoField is a custom upload field from the poster's own project,
    # not a field shipped with Django.
    userpic = PhotoField(upload_to='upload', width=100, height=100,
                         null=True, blank=True)

A user can try to upload a file of any size and waste all the server's
CPU and memory, and you can imagine the situation with hundreds of
uploads! I've patched Django with
3581-streaming_uploads_and_uploadprogress_middleware_x_progress_id.diff
but I see no performance improvements :(


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/django-users
-~----------~----~----~----~------~----~------~--~---

file upload = simple DoS possibility
user name
2006-08-29 22:06:45
On 8/29/06, Michael Samoylov <suncinema@gmail.com> wrote:
> Is there any way to control the upload process (max file size,
> etc.)? Great framework, but file upload can cause DoS.
> [...]
> A user can try to upload a file of any size and waste all the server's
> CPU and memory, and you can imagine the situation with hundreds of
> uploads! I've patched Django with
> 3581-streaming_uploads_and_uploadprogress_middleware_x_progress_id.diff
> but I see no performance improvements :(

Hi Michael,

I'd recommend handling this at the Apache level. See the
LimitRequestBody directive:

http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestbody

Adrian

-- 
Adrian Holovaty
holovaty.com | djangoproject.com

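The defence Adrian recommends, as an added example that is not code from this thread, from Django or from Apache: a small WSGI middleware that applies the same policy as LimitRequestBody one layer down, so an oversized body is refused with 413 before the application can buffer it. `MaxBodyMiddleware`, `LimitedReader`, the naive `upload_app`, the `run_request` driver and the 1 MiB default are all constructed for this demo.

```python
import io

class BodyTooLarge(Exception): pass

class LimitedReader:
    # Wraps wsgi.input: each read is clamped to the bytes still allowed and the
    # running total checked, so at most limit+1 bytes are ever buffered.
    def __init__(self, stream, limit):
        self._stream, self._limit, self._seen = stream, limit, 0
    def read(self, size=-1):
        remaining = self._limit - self._seen + 1  # +1 makes overflow detectable
        if size is None or size < 0 or size > remaining:
            size = remaining
        chunk = self._stream.read(size)
        self._seen += len(chunk)
        if self._seen > self._limit:
            raise BodyTooLarge()
        return chunk

def reject_413(start_response):
    start_response("413 Request Entity Too Large", [("Content-Type", "text/plain")])
    return [b"upload exceeds the configured size limit\n"]

class MaxBodyMiddleware:
    # Same policy as Apache's LimitRequestBody, applied one layer down (WSGI).
    def __init__(self, app, limit=1024 * 1024):  # 1 MiB default; assumed value
        self.app, self.limit = app, limit
    def __call__(self, environ, start_response):
        # Honest Content-Length over the cap: refuse before reading any body byte.
        if int(environ.get("CONTENT_LENGTH") or 0) > self.limit:
            return reject_413(start_response)
        # Absent or lying Content-Length: enforce the cap while the body streams.
        environ["wsgi.input"] = LimitedReader(environ["wsgi.input"], self.limit)
        try:
            return self.app(environ, start_response)
        except BodyTooLarge:  # the app must read the body before it responds
            return reject_413(start_response)

def upload_app(environ, start_response):
    # Stand-in for a naive upload view: slurps the whole body into memory.
    body = environ["wsgi.input"].read()
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("stored %d bytes\n" % len(body)).encode()]

def run_request(app, body, content_length=None):
    # Drive `app` with a constructed POST; returns (status line, response body).
    environ = {"REQUEST_METHOD": "POST", "wsgi.input": io.BytesIO(body),
               "CONTENT_LENGTH": "" if content_length is None else str(content_length)}
    status = []
    out = b"".join(app(environ, lambda s, h, e=None: status.append(s)))
    return status[0], out
```

A size check inside a Django form runs only after the body has already been read, which is why the cap belongs in front of the application, in Apache or in a layer like this one.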

file upload = simple DoS possibility
user name
2006-08-30 08:13:25

Adrian Holovaty wrote:

> I'd recommend handling this at the Apache level. See the
> LimitRequestBody directive:
>
> http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestbody

Thanks a lot!


