Saturday, August 28, 2010

Re: potential issue re in memory django file uploading.

On 29 August 2010 13:17, dave b <db.pub.mail@gmail.com> wrote:
> On 29 August 2010 08:28, Steve Holden <holdenweb@gmail.com> wrote:
>> On 8/28/2010 6:10 PM, Graham Dumpleton wrote:
>>> On Aug 28, 11:21 pm, dave b <db.pub.m...@gmail.com> wrote:
>>>>>>> So obviously my proposed attack is to simply say "content length is
>>>>>>> tiny" and "this file is actually HUGE".
>> [...]
>>> All up, I would suggest you are getting worked up over nothing.
>> +1
>>
>
> Yes I have :) it "works for me tm".
> Also, you have to consider the other problem. If the file is > 2.5 mb
> it can be put in /tmp and this has no size limits which again is going
> to make the system slower and can be used to attack it? in either case
> there seem to be real protections against this in django core as far
> as I can see.
>

I meant "no" real protections against this in django core.
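One way to bound the concern raised in this thread, as an added example that is not code from the thread or from Django: the upload is spooled to memory up to the 2.5 MB spill point and then to a temp file, while a count of the bytes actually received (not the declared Content-Length) enforces a hard cap. The names `spool_upload`, `UploadTooLarge` and the 10 MB cap are assumptions for illustration, and the standard library's `SpooledTemporaryFile` stands in for Django's memory-then-temp-file behaviour.

```python
import tempfile

MEMORY_THRESHOLD = int(2.5 * 1024 * 1024)  # the 2.5 MB spill point mentioned in the thread
MAX_UPLOAD_BYTES = 10 * 1024 * 1024        # assumed policy value, not a Django default


class UploadTooLarge(Exception):
    """Raised when the declared or actually received size exceeds the cap."""


def spool_upload(stream, declared_length, max_bytes=MAX_UPLOAD_BYTES,
                 threshold=MEMORY_THRESHOLD, chunk_size=64 * 1024):
    """Copy an upload into a spooled temp file while counting real bytes.

    The declared Content-Length only allows an early reject; the running
    count of bytes read is what enforces the cap, so a small declared
    length paired with a large body still stops at max_bytes.
    """
    if declared_length is not None and declared_length > max_bytes:
        raise UploadTooLarge("declared length %d exceeds cap" % declared_length)

    # Held in memory up to `threshold`, then rolled over to a file on disk.
    spool = tempfile.SpooledTemporaryFile(max_size=threshold)
    received = 0
    try:
        while True:
            chunk = stream.read(chunk_size)
            if not chunk:
                break
            received += len(chunk)
            if received > max_bytes:
                raise UploadTooLarge("received more than %d bytes" % max_bytes)
            spool.write(chunk)
    except BaseException:
        spool.close()  # closing discards the temp file, nothing stays on disk
        raise
    spool.seek(0)
    return spool, received
```
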

