On 29 August 2010 13:17, dave b <db.pub.m...@gmail.com> wrote: > On 29 August 2010 08:28, Steve Holden <holden...@gmail.com> wrote: >> On 8/28/2010 6:10 PM, Graham Dumpleton wrote: >>> On Aug 28, 11:21 pm, dave b <db.pub.m...@gmail.com> wrote: >>>>>>> So obviously my proposed attack is to simply say "content length is >>>>>>> tiny" and "this file is actually HUGE". >> [...] >>> All up, I would suggest you are getting worked up over nothing. >> +1 >> > > Yes I have :) it "works for me tm". > Also, you have to consider the other problem. If the file is > 2.5 mb > it can be put in /tmp and this has no size limits which again is going > to make the system slower and can be used to attack it? in either case > there seem to be real protections against this in django core as far > as I can see. >
I meant "no" real protections against this in django core. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
