I'm using a simple html form to upload a few simple text files to my
Django-based application. It's working nicely, I'm able to retrieve
the request.FILES objects and store them away as I wish. Upon receipt
of the request object in my views.py I get the file object, and check
its size with
request.FILES[myFileName].size
...and if it is bigger than about 10kB, I return, rendering up an
error page to complain to the user.
Two questions:
1. Django docs says that any file under about 2.5M gets held in memory
until I save it away. I assume then, that if I don't save it, the
hander def in my views.py finishes and that memory is freed - or do I
have to worry about that using up memory?
2. Is there any way for me to verify and halt based on file size
DURING the upload? I'm concerned that someone can try to upload a
100GB file and since I don't test until the views.py handler gets
called, I assume it would tie up my service and eat up a pile of disk
space as it goes past the 2.5M memory limit.
I hope there is some way to avoid such a denial of service attack.
Thanks,
Ross.
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
