> An attacker could also assemble a powerful explosive device and detonate
> it near enough your hosting service to take your site down. What
> counter-measures are you going to take against that?

Good question. I have two cats and they like to lick people ^^
They are a bit friendly I guess. Do you think I can train them to
pounce on strangers?


> You perhaps feel people aren't taking your proposal seriously enough.
> The fact of the matter is that security is never absolute, and on a
> threat scale of 0 to 10 this issue comes in at about 1.7. If you are
> running a professional service and you are monitoring it correctly then
> you ought to notice an attack of this nature before it does too much damage.

Look, I sent you guys an email, I sent a patch for one of the problems
and pointed out the second one. I just can't make you guys happy, can I?

http://cwe.mitre.org/top25/
[22]    145     CWE-770         Allocation of Resources Without Limits or Throttling
http://cwe.mitre.org/top25/#CWE-770
But ok if you say so ;)
I wonder how much RAM most commonly found Django installations
that allow file upload on the internet have? Now remember, a lot of
those have a fairly fast download and upload ;)
Bonus points if they have mod_deflate decompressing the user body request ;)

> I repeat, you may be correct in treating this as a vulnerability, but
> your estimate of its seriousness appears to disagree with that of
> others. If you want to have your code seriously considered for inclusion
> (and why not?) you should raise it in the Django issue tracker - see
> "Reporting Bugs" in

I did as was suggested :)
Someone first told me on IRC in #django that I should raise it here first :)

Please see http://code.djangoproject.com/ticket/14192

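The message above points at CWE-770 and at servers that decompress the request body before the application sees it. As an added example (not part of the original message, and not Django or mod_deflate code), this is one way an application can inflate a gzip body under a hard output limit; `bounded_gunzip`, `BodyTooLarge` and `split` are hypothetical names, and the sample body is constructed.

```python
import gzip
import zlib


class BodyTooLarge(Exception):
    """The body inflated past the configured limit (hypothetical name)."""


def bounded_gunzip(chunks, max_output):
    """Inflate a gzip stream given as an iterable of byte chunks.

    Raises BodyTooLarge as soon as the output would exceed max_output bytes,
    so memory use is bounded by the limit and not by what the client sent.
    """
    inflater = zlib.decompressobj(zlib.MAX_WBITS | 16)  # expect gzip framing
    out = bytearray()
    for chunk in chunks:
        data = chunk
        while data:
            # max_length caps what this call may allocate: one byte past the limit.
            out += inflater.decompress(data, max_output - len(out) + 1)
            if len(out) > max_output:
                raise BodyTooLarge(f"body inflates past {max_output} bytes")
            data = inflater.unconsumed_tail
        if inflater.eof:
            break
    if not inflater.eof:
        raise ValueError("truncated gzip stream")
    return bytes(out)


def split(body, size=4096):
    """Yield the body in network-sized pieces, as a server would read it."""
    for i in range(0, len(body), size):
        yield body[i:i + size]


if __name__ == "__main__":
    # Constructed sample: 8 MiB of zero bytes, a few KiB once gzip-compressed.
    small_on_wire = gzip.compress(b"\0" * (8 * 1024 * 1024))
    print("bytes on the wire:", len(small_on_wire))
    try:
        bounded_gunzip(split(small_on_wire), max_output=1024 * 1024)
    except BodyTooLarge as exc:
        print("rejected:", exc)
```

A limit on the compressed length alone does not help here, because the size on the wire says little about the size after inflation; the cap has to be applied to the output.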