[ python-Bugs-758665 ] cgi module should handle large post attack
SourceForge.net
noreply at sourceforge.net
Sat Jun 5 15:11:03 EDT 2004
Bugs item #758665, was opened at 2003-06-22 05:20
Message generated for change (Comment added) made by insomnike
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=758665&group_id=5470
Category: Extension Modules
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Yue Luo (yueluo)
Assigned to: Nobody/Anonymous (nobody)
Summary: cgi module should handle large post attack
Initial Comment:
Currently, the FieldStorage class will try to read in all
the client's input to the cgi script. This may result in
deny of service attack if the client tries to post huge
amount of data. I wonder if FieldStorage could take a
parameter limiting the max post size just like the
$CGI::POST_MAX in Perl CGI.pm module.
----------------------------------------------------------------------
Comment By: Aaron Brady (insomnike)
Date: 2004-06-05 19:11
Message:
Logged In: YES
user_id=1057404
cgi.py does support a cgi.maxlen variable which can be used
for this purpose. It defaults to 0, however.
----------------------------------------------------------------------
Comment By: Yue Luo (yueluo)
Date: 2003-06-22 15:37
Message:
Logged In: YES
user_id=806666
Also, a parameter like Perl's $CGI::DISABLE_UPLOADS is also a
good idea.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=758665&group_id=5470
More information about the Python-bugs-list
mailing list