On Sun, 2010-05-30 at 14:59 -0700, Edward Cannon wrote:

> Another method used by many websites is to put a limit on uploaded
> file size. This has the double benefit of saving on bandwidth as well.
> Facebook uses 5MB

This is no magic bullet, though. As with ZIP bombs, you can craft a malicious image in such a way that, while taking only a few hundred kilobytes, it will still have a giant resolution and, when unpacked, take many gigabytes of memory to make your server go into swap and die.

Hey, by the way... If you don't ulimit your Python processes, that's pretty lame. A single minor mistake / lack of a sanity check in the code and a successful DOS against your server is warranted.

-- 
Sincerely yours,
Yury V. Zaytsev

_______________________________________________
Image-SIG maillist - Image-SIG@python.org
http://mail.python.org/mailman/listinfo/image-sig
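An added example, not code from the thread, of the sanity check discussed above: the declared dimensions are read from a PNG's IHDR header and the file is rejected when its decoded size would exceed a pixel budget, before any pixel data is touched, with an in-process RLIMIT_AS cap as the `ulimit` backstop. The PNG samples, budget values and function names are all constructed for this example.

```python
import struct
import zlib
import resource

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Samples per pixel for each PNG colour type (0 gray, 2 RGB, 3 palette, 4 gray+alpha, 6 RGBA)
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}

def png_declared_size(data: bytes) -> tuple[int, int, int]:
    """Return (width, height, decoded_bytes) from the IHDR chunk without decoding any pixels."""
    if data[:8] != PNG_SIGNATURE or data[12:16] != b"IHDR":
        raise ValueError("not a PNG")
    width, height, bit_depth, color_type = struct.unpack(">IIBB", data[16:26])
    if color_type not in CHANNELS or bit_depth not in (1, 2, 4, 8, 16):
        raise ValueError("invalid IHDR")
    bits_per_pixel = CHANNELS[color_type] * bit_depth
    decoded = (width * bits_per_pixel + 7) // 8 * height  # bytes, ignoring the per-row filter byte
    return width, height, decoded

def check_image_budget(data: bytes, max_decoded_bytes: int) -> bool:
    """True if decoding this PNG stays within the budget; decided from the header, not the file size."""
    _, _, decoded = png_declared_size(data)
    return decoded <= max_decoded_bytes

def cap_address_space(max_bytes: int) -> None:
    """Process-level backstop: the in-code equivalent of `ulimit -v` for a worker process."""
    resource.setrlimit(resource.RLIMIT_AS, (max_bytes, max_bytes))

def make_png_header(width: int, height: int, bit_depth: int = 8, color_type: int = 6) -> bytes:
    """Constructed sample: signature + IHDR chunk only, which is all the header check needs."""
    ihdr = struct.pack(">IIBBBBB", width, height, bit_depth, color_type, 0, 0, 0)
    crc = zlib.crc32(b"IHDR" + ihdr) & 0xFFFFFFFF
    return PNG_SIGNATURE + struct.pack(">I", 13) + b"IHDR" + ihdr + struct.pack(">I", crc)

BUDGET = 64 * 1024 * 1024                 # allow at most 64 MiB of decoded pixels per upload
SMALL = make_png_header(640, 480)         # 640*480*4 bytes = ~1.2 MiB decoded
BOMB = make_png_header(100_000, 100_000)  # 33 bytes on disk, 40 GB decoded

if __name__ == "__main__":
    cap_address_space(512 * 1024 * 1024)  # hard ceiling even if a check above is ever bypassed
    for name, blob in ("small", SMALL), ("bomb", BOMB):
        w, h, n = png_declared_size(blob)
        ok = check_image_budget(blob, BUDGET)
        print(f"{name}: {len(blob)} bytes on disk, {w}x{h}, {n / 2**20:.0f} MiB decoded, accepted={ok}")
```

Later Pillow releases ship a comparable header-based guard (`Image.MAX_IMAGE_PIXELS`), but it only helps if the process limit is also in place for the decoders it does not cover.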