The thing I don't get is why CF couldn't look at the length parameter in the
HTTP header, and terminate the request if it doesn't like it... or does only IIS
get access to that before the whole HTTP request has gone through?
Theoretically, I imagine CF could start processing a request before the whole
request has come through, and block on any form field accesses.
David Cummins
Ryan wrote:
>
> >I'm pretty sure some of the replies here may have already answered
> >your question. I've battled with project managers about this because
> >they want to be able to somehow assure a client that there is NO way
> >you can upload a file greater than a certain size. And like the guys
> >before me have said, it is theoretically impossible to do... CF
> >doesn't know how large the file is until after it's completed the
> >upload. So, in theory, someone could upload a 9GB file to your
> >server and take it down.
> >
> >The one thing that I think we can all fall back on in regards to the
> >possibility of someone sending an abnormally large file to then crash
> >the CFAS server, is that we can set CF to time out after a certain
> >amount of time running a template. So, unless the client browser
> >uploading the file has a huge pipe to your server, the template will
> >time out BEFORE completely uploading his/her 9GB file they're trying
> >to upload.
>
> This is a good point. Also, when you specify where to write this file
> to disk (I think it writes it to disk before checking the size? Or
> is it in memory (hope not!)), you could specify a partition that is
> only X MB in size. Then if the file is so big it maxes out that partition,
> the user will probably get a CF error, but it won't bring your entire
> server down. This is easy to do on Linux, I'm unsure if there is an equivalent
> on NT.
>
> RPS
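
The header check asked about at the top of this message, as an added example that is not part of the original thread or of ColdFusion: refuse on the declared `Content-Length` before reading any body byte, and cap the actual read for requests that declare no length. The function names, the 1 MiB limit, and the assumptions that `headers` is a dict with canonically cased names and `stream` yields decoded body bytes are all hypothetical.

```python
import io

MAX_UPLOAD = 1024 * 1024   # assumed policy limit (1 MiB), not from the thread
CHUNK = 64 * 1024

class UploadRejected(Exception):
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status

def precheck(headers, limit=MAX_UPLOAD):
    """Decide from the headers alone, before any body byte is read."""
    if "chunked" in headers.get("Transfer-Encoding", "").lower():
        return None        # no declared size: only the capped read can enforce
    raw = headers.get("Content-Length")
    if raw is None:
        raise UploadRejected(411, "Content-Length required")
    if not (raw.isascii() and raw.isdigit()):
        raise UploadRejected(400, "malformed Content-Length")
    if int(raw) > limit:
        raise UploadRejected(413, "declared body exceeds limit")
    return int(raw)

def read_capped(stream, declared, limit=MAX_UPLOAD):
    """Read the body in chunks, never buffering more than the cap."""
    cap = limit if declared is None else declared
    buf = bytearray()
    while len(buf) < cap:
        chunk = stream.read(min(CHUNK, cap - len(buf)))
        if not chunk:
            break
        buf += chunk
    if declared is None and stream.read(1):
        raise UploadRejected(413, "body exceeds limit")      # sender kept going
    if declared is not None and len(buf) != declared:
        raise UploadRejected(400, "body shorter than declared")
    return bytes(buf)

def accept_upload(headers, stream, limit=MAX_UPLOAD):
    return read_capped(stream, precheck(headers, limit), limit)

if __name__ == "__main__":
    # Constructed request: claims 9 GB, so it is refused with nothing read.
    body = io.BytesIO(b"x" * 100)
    try:
        accept_upload({"Content-Length": str(9 * 1024**3)}, body)
    except UploadRejected as e:
        print(e.status, e, "bytes read:", body.tell())
```

This only helps where the check runs in the component that first receives the request; code that runs after the body has been fully received cannot use it to prevent the transfer.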