[cgiapp] Data validation of file uploads
Michael Peters
mpeters at plusthree.com
Mon Sep 20 09:25:25 EDT 2010
On 09/20/2010 03:01 AM, Nicholas Bamber wrote:
> For the purposes of my discussion we can assume that, say 5M, is a
> reasonable maximum file size. The modules that I am comparing with do
> slurp the entire file into memory. And by only providing a file handle
> they force the caller to do it more than once.
But even 5M is still a lot to have your processes grow by on each
request. For instance, a common mod_perl setup with say 100 apache
children could grow by half a gig really fast and result in total
machine lockup. It's not an edge case to not want to expose yourself to
a DOS attack.
--
Michael Peters
Plus Three, LP
More information about the cgiapp
mailing list