On Jul 23, 2008, at 4:47 PM, Sergey Schetinin wrote:

>> Whether or not CONTENT_LENGTH is set (and it wouldn't be present in
>> the case of a malicious attack, though not sure if some other part
>> of the HTTP stack catches that),
>> the current approaches read the whole stream into a tempfile.
>
> It's not entirely up to the attacker, it depends on the server. The
> attacker might omit Content-Length but the WSGI gateway can handle
> that by pre-reading the input stream and setting actual
> CONTENT_LENGTH, in that case Pylons app is not the place to handle the
> limits anyway. I'd say it's not the place in any case because the
> server / gate or middleware should do that.

agreed. So should paste's own HTTP server support this within ?
