classification
Title: cgi module should handle large post attack
Components: Extension Modules

process
Status: closed
Resolution: not a bug
Assigned To: akuchling
Nosy List: akuchling, insomnike, yueluo
Priority: normal

Created on 2003-06-22 05:20 by yueluo, last changed 2022-04-10 16:09 by admin. This issue is now closed.

Messages (4)
msg16577 - Author: Yue Luo (yueluo) Date: 2003-06-22 05:20
Currently, the FieldStorage class will try to read in all
the client's input to the cgi script. This may result in a
denial of service attack if the client tries to post a huge
amount of data. I wonder if FieldStorage could take a
parameter limiting the max post size just like the
$CGI::POST_MAX in the Perl CGI.pm module.
msg16578 - Author: Yue Luo (yueluo) Date: 2003-06-22 15:37
Also, a parameter like Perl's $CGI::DISABLE_UPLOADS is also a 
good idea.

msg16579 - Author: Aaron Brady (insomnike) Date: 2004-06-05 19:11
cgi.py does support a cgi.maxlen variable which can be used
for this purpose. It defaults to 0, however.
msg16580 - Author: A.M. Kuchling (akuchling) * (Python committer) Date: 2004-06-05 19:12
Closing.
History
Date                 User    Action  Args
2022-04-10 16:09:24  admin   set     github: 38700
2003-06-22 05:20:20  yueluo  create
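
The kind of limit discussed in this thread can be enforced by checking the declared Content-Length against a cap before any of the body is read. The following is an added example, not code from the cgi module or from anyone in this thread; `read_post_body`, `RequestRejected`, `max_len` and `allow_uploads` are hypothetical names, and the requests are constructed.

```python
import io


class RequestRejected(Exception):
    """Raised before any body bytes are read when a request breaks policy."""


def read_post_body(environ, stream, max_len, allow_uploads=False):
    """Return the POST body, or raise RequestRejected without buffering it.

    environ: CGI environment mapping (CONTENT_LENGTH, CONTENT_TYPE).
    stream:  binary file-like object with the request body (stdin under CGI).
    max_len: largest body accepted, in bytes (hypothetical policy value).
    """
    raw = environ.get("CONTENT_LENGTH", "")
    # Accept plain ASCII digits only: rejects "", "-1", "+5", "1e9" and
    # Unicode digits that str.isdigit() alone would let through.
    if not (raw.isascii() and raw.isdigit()):
        raise RequestRejected("missing or malformed CONTENT_LENGTH")
    declared = int(raw)
    if declared > max_len:
        raise RequestRejected(f"{declared} bytes exceeds limit of {max_len}")
    # Coarser stand-in for an upload switch: refuse every multipart form.
    ctype = environ.get("CONTENT_TYPE", "").split(";", 1)[0].strip().lower()
    if ctype == "multipart/form-data" and not allow_uploads:
        raise RequestRejected("multipart uploads are disabled")
    # Never read past the declared length, whatever the client sends.
    body = stream.read(declared)
    if len(body) != declared:
        raise RequestRejected("body shorter than CONTENT_LENGTH")
    return body


if __name__ == "__main__":
    # Constructed sample requests: (environment, body bytes).
    samples = [
        ({"CONTENT_LENGTH": "9"}, b"a=1&b=two"),
        ({"CONTENT_LENGTH": "5000"}, b"x" * 5000),
        ({"CONTENT_LENGTH": "4", "CONTENT_TYPE": "multipart/form-data; boundary=b"}, b"data"),
        ({"CONTENT_LENGTH": "-1"}, b""),
    ]
    for env, data in samples:
        try:
            print("accepted", read_post_body(env, io.BytesIO(data), max_len=1024))
        except RequestRejected as exc:
            print("rejected:", exc)
```
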