Quantcast
Python CherryPy cherrypy-users

Safe File Upload

classic Classic list List threaded Threaded
3 messages Options
fb-16
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Safe File Upload

fb-16

Hi,

I am starting to learn how to handle file uploads with CherryPy.
tutorial/tut09_files.py states that "When a client uploads a file to a
CherryPy application, it's placed on disk immediately."

To me, this sounds a bit risky. I run a virtual server with 2GB HD
space
and imagine someone uploading /dev/random or /dev/zero until my disk
bursts. ;-)

Is there a way to cancel the upload once it exceedes a certain size
_before_ the entire file is written to disk? As I understand it, this
is not possible from within a CherryPy application.

I'll be happy about help or pointers.

Best regards,

        Florian Berger, Leipzig, Germany


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "cherrypy-users" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups-beta.google.com/group/cherrypy-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Sylvain Hellegouarch
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Safe File Upload

Sylvain Hellegouarch

fb wrote:

> Hi,
>
> I am starting to learn how to handle file uploads with CherryPy.
> tutorial/tut09_files.py states that "When a client uploads a file to a
> CherryPy application, it's placed on disk immediately."
>
> To me, this sounds a bit risky. I run a virtual server with 2GB HD
> space
> and imagine someone uploading /dev/random or /dev/zero until my disk
> bursts. ;-)
>
> Is there a way to cancel the upload once it exceedes a certain size
> _before_ the entire file is written to disk? As I understand it, this
> is not possible from within a CherryPy application.

It is actually possible already by setting the following two keys:

server.max_request_body_size: size_in_bytes
server.max_request_header_size: size_in_bytes

When a POST contains a bigger body thant the size defined an HTTP error
code 413 will be returned.

- Sylvain

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "cherrypy-users" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups-beta.google.com/group/cherrypy-users?hl=en
-~----------~----~----~----~------~----~------~--~---

fb-16
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate
star

Re: Safe File Upload

fb-16

Hi,

> It is actually possible already by setting the following two keys:
> server.max_request_body_size: size_in_bytes
> server.max_request_header_size: size_in_bytes

That's exactly what I was looking for. Thanks a lot!

Best regards,

Florian


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "cherrypy-users" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups-beta.google.com/group/cherrypy-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Loading...
Powered by Nabble Edit this page