New submission from Rob King:
The cgi module has a global variable, 'maxlen', that specifies the maximum
length of a POST request. By default, this limit is 0, meaning an unlimited
POST request size.
Having an unlimited default opens up CGI scripts to resource-exhaustion
attacks. Setting the maxlen variable to a nonzero integer solves this problem,
but this fix is not in the official documentation - neither the reference
manual nor the module's docstring.
I would recommend augmenting the module's docstring with the following
statement:
The maxlen variable can be set to an integer indicating the maximum size of a
POST request. POST requests larger than this size will result in a ValueError
being raised during parsing. The default value of this variable is 0, meaning
the request size is unlimited.
--
messages: 240965
nosy: deadpixi
priority: normal
severity: normal
status: open
title: Document the 'maxlen' member of the cgi module
versions: Python 3.4, Python 3.5, Python 3.6
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue23952
___
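An added example, not part of the original submission and not the cgi module's own code: a bounded POST-body reader that follows the semantics the report describes (0 means unlimited, an oversized request raises ValueError) and also caps the read when CONTENT_LENGTH is absent. The function name `read_post_body`, the 1 MiB default and the sample requests are assumptions made for illustration.

```python
import io

# Hypothetical default cap (1 MiB). 0 means "unlimited", mirroring the
# behaviour the report describes for cgi.maxlen.
MAXLEN = 1024 * 1024


def read_post_body(environ, stream, maxlen=MAXLEN):
    """Return the POST body, raising ValueError if it exceeds maxlen bytes."""
    raw = environ.get("CONTENT_LENGTH", "").strip()
    try:
        declared = int(raw) if raw else None
    except ValueError:
        raise ValueError("malformed CONTENT_LENGTH: %r" % raw)
    if declared is not None and declared < 0:
        raise ValueError("negative CONTENT_LENGTH")

    if not maxlen:
        # Unlimited: the resource-exhaustion exposure the report warns about.
        return stream.read() if declared is None else stream.read(declared)

    if declared is not None:
        # Reject before reading a single byte of an oversized request.
        if declared > maxlen:
            raise ValueError("Maximum content length exceeded")
        return stream.read(declared)

    # No declared length: read at most one byte past the cap so an
    # endless stream cannot be buffered in full.
    body = stream.read(maxlen + 1)
    if len(body) > maxlen:
        raise ValueError("Maximum content length exceeded")
    return body


def is_rejected(environ, payload, maxlen):
    """Helper for the constructed samples below: True if the request is refused."""
    try:
        read_post_body(environ, io.BytesIO(payload), maxlen)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample requests, not taken from the report.
    print(read_post_body({"CONTENT_LENGTH": "11"}, io.BytesIO(b"a=1&b=hello"), 64))
    print(is_rejected({"CONTENT_LENGTH": "100"}, b"x" * 100, 64))
```

A CGI script would call this with `os.environ` and `sys.stdin.buffer` and turn the ValueError into a 413 response.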