[Web-SIG] Implementing File Upload Size Limits
Randy Syring
randy at rcs-comp.com
Sat Nov 22 10:07:53 CET 2008
I did find this:
http://wiki.pylonshq.com/display/pylonscookbook/A+Better+Way+To+Limit+File+Upload+Size
Which was good, but still leaves some unanswered questions:
* What if one is not using the paste http server?
* This method gives an unfriendly response. What would be the best
method to propagate this error condition down to the app so that a
message could be given to the user in the context of the form they
had previously submitted (i.e. an error message under the input
field reminding them of the max upload size and even possibly
telling them how big the file was they uploaded).
Thanks.
--------------------------------------
Randy Syring
RCS Computers & Web Solutions
502-644-4776
http://www.rcs-comp.com
"Whether, then, you eat or drink or
whatever you do, do all to the glory
of God." 1 Cor 10:31
Randy Syring wrote:
> I am looking for opinions and thoughts on best practice for limiting
> file upload size. I have a few considerations:
>
> * Ultimately, I would want my application with my method of
> handling forms to be able to give the user a message that the
> file size was too big. That means that however, the size is
> limited, just blanking out wsgi.input and setting content-length
> to zero doesn't seem correct. That would make it look like the
> form wasn't submitted with any data I believe.
> * Given the above, it seems that something would need to get put
> in the environment to tell middleware and the application that
> the file input was aborted, but what would be the best way for
> doing it? Should it be some kind of standard, or just dependent
> on your server or middleware?
> * It seems best to implement this functionality as the very first
> middleware in the stack. Since other middleware read and
> manipulate wsgi.input, handling the upload size at the
> application level wouldn't prevent middlware from wasting
> resources dealing with a very large file.
>
> Is it possible to prevent the server from even accepting all the data
> (i.e. trying to save bandwidth and server resources) if the
> content-length is known to be too big? Or is the server required to
> take all the client's data regardless, even if it ends up going in the
> bit bucket? I realize some of this is server specific, not WSGI
> specific, but I would be interested in knowing how the most popular
> servers handle this or what the HTTP specs require if anyone knows.
>
> Thanks in advance for any insight you might be able to provide.
> --
> --------------------------------------
> Randy Syring
> RCS Computers & Web Solutions
> 502-644-4776
> http://www.rcs-comp.com
>
> "Whether, then, you eat or drink or
> whatever you do, do all to the glory
> of God." 1 Cor 10:31
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Web-SIG mailing list
> Web-SIG at python.org
> Web SIG: http://www.python.org/sigs/web-sig
> Unsubscribe: http://mail.python.org/mailman/options/web-sig/randy%40rcs-comp.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/web-sig/attachments/20081122/7a814117/attachment.htm>
More information about the Web-SIG
mailing list