I am looking for opinions and thoughts on best practice for limiting
file upload size. I have a few considerations:
* Ultimately, I would want my application with my method of handling
forms to be able to give the user a message that the file size was
too big. That means that however, the size is limited, just
blanking out wsgi.input and setting content-length to zero doesn't
seem correct. That would make it look like the form wasn't
submitted with any data I believe.
* Given the above, it seems that something would need to get put in
the environment to tell middleware and the application that the
file input was aborted, but what would be the best way for doing
it? Should it be some kind of standard, or just dependent on your
server or middleware?
* It seems best to implement this functionality as the very first
middleware in the stack. Since other middleware read and
manipulate wsgi.input, handling the upload size at the application
level wouldn't prevent middlware from wasting resources dealing
with a very large file.
Is it possible to prevent the server from even accepting all the data
(i.e. trying to save bandwidth and server resources) if the
content-length is known to be too big? Or is the server required to
take all the client's data regardless, even if it ends up going in the
bit bucket? I realize some of this is server specific, not WSGI
specific, but I would be interested in knowing how the most popular
servers handle this or what the HTTP specs require if anyone knows.
Thanks in advance for any insight you might be able to provide.
--
--------------------------------------
Randy Syring
RCS Computers & Web Solutions
502-644-4776
http://www.rcs-comp.com
"Whether, then, you eat or drink or
whatever you do, do all to the glory
of God." 1 Cor 10:31
_______________________________________________
Web-SIG mailing list
Web-SIG@python.org
Web SIG: http://www.python.org/sigs/web-sig
Unsubscribe:
http://mail.python.org/mailman/options/web-sig/archive%40mail-archive.com
