[Web-SIG] Implementing File Upload Size Limits

Randy Syring randy at rcs-comp.com
Sat Nov 22 06:50:45 CET 2008 

I am looking for opinions and thoughts on best practice for limiting 
file upload size.  I have a few considerations:

    * Ultimately, I would want my application with my method of handling
      forms to be able to give the user a message that the file size was
      too big.  That means that however, the size is limited, just
      blanking out wsgi.input and setting content-length to zero doesn't
      seem correct.  That would make it look like the form wasn't
      submitted with any data I believe.
    * Given the above, it seems that something would need to get put in
      the environment to tell middleware and the application that the
      file input was aborted, but what would be the best way for doing
      it?  Should it be some kind of standard, or just dependent on your
      server or middleware?
    * It seems best to implement this functionality as the very first
      middleware in the stack.  Since other middleware read and
      manipulate wsgi.input, handling the upload size at the application
      level wouldn't prevent middlware from wasting resources dealing
      with a very large file.

Is it possible to prevent the server from even accepting all the data 
(i.e. trying to save bandwidth and server resources) if the 
content-length is known to be too big?  Or is the server required to 
take all the client's data regardless, even if it ends up going in the 
bit bucket?  I realize some of this is server specific, not WSGI 
specific, but I would be interested in knowing how the most popular 
servers handle this or what the HTTP specs require if anyone knows.

Thanks in advance for any insight you might be able to provide.

-- 
--------------------------------------
Randy Syring
RCS Computers & Web Solutions
502-644-4776
http://www.rcs-comp.com

"Whether, then, you eat or drink or 
whatever you do, do all to the glory
of God." 1 Cor 10:31

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/web-sig/attachments/20081122/75882cf2/attachment.htm>

More information about the Web-SIG mailing list