|
Nick
nick at dd.revealed.net
Fri Mar 25 15:20:42 EST 2005
Nicolas Lehuen wrote: > Like I've wrote in another mail, FieldStorage will stream only if the > Content-Disposition header of the file part of the POST entity > contains a filename attribute (see mod_python/util.py line 169). Maybe > we should change this behaviour : > > 1) Always stream to disk unless told otherwise I would agree this should be done. Regardless of whether HTTP should or should not be used for huge file uploads, it does leave you open to DoS. Nick
|