Nicolas Lehuen
nicolas.lehuen at gmail.com
Fri Mar 25 15:04:47 EST 2005
>From the source code (mod_python/util.py line 169), it seems that mod_python will stream to a temporary file instead of memory if and only if the Content-Disposition header of the file attachement contains a filename attribute. Otherwise, it loads the file into memory, hence the MemoryError. Now, does your browser correctly send a filename attribute ? Maybe FieldStorage should not care about a filename being available and always try to stream to disk ? Anyway, I agree with Jorey, HTTP is not made for this kind of huge file transfer... Regards, Nicolas On Fri, 25 Mar 2005 12:08:01 -0500, Jorey Bump <list at joreybump.com> wrote: > Barry Pearce wrote: > > > Ive just tried to upload an .iso using FieldStorage - an unfortunately > > this causes some problems - namely it just calls 'readline' without a > > specific sizing. > > > > Im going to take a look at the code and try to improve it so that it > > would cope with multi-GB files... > > > Any thoughts before I plough headlong into this? > > I would probably never allow transfers of this type using HTTP, so be > sure to provide sane defaults and a limiting mechanism. > > Also, considering the amount of time it would take to complete the > transfer on just about any typical connection, how many simultaneous > transfers would be possible in a default apache setup before it > effectively stops serving pages? > > How will you handle uploads of the same file when a luser keeps > submitting the same form? For small files, this is a nuisance, but for > large ones it could be a catastrophe. > > Finally, consider every aspect of the worst case scenario and don't > discount human stupidity. For example, a user once tried to send me an > email with a 40GB attachment (the entire C: drive) using Outlook > Express. His mail server properly identified the maximum size it would > handle, but OE stubbornly continued to transfer bytes and attempted to > clear out its Outbox all night long (he had gone to bed). In the > morning, his provider gave him an angry call. We took the machine > offline and spent a couple of hours trying to purge the message from OE > (harder than you would think). Test your code with every browser > available to you, and do every stupid thing you can think of before > giving ordinary users the power to DoS your system. > > > _______________________________________________ > Mod_python mailing list > Mod_python at modpython.org > http://mailman.modpython.org/mailman/listinfo/mod_python >
|