Message240965
The cgi module has a global variable, 'maxlen', that specifies the maximum length of a POST request. By default, this limit is 0, meaning an unlimited POST request size.
Having an unlimited default opens up CGI scripts to resource-exhaustion attacks. Setting the maxlen variable to a nonzero integer solves this problem, but this fix is not in the official documentation - neither the reference manual nor the module's docstring.
I would recommend augmenting the module's docstring with the following statement:
"The maxlen variable can be set to an integer indicating the maximum size of a POST request. POST requests larger than this size will result in a ValueError being raised during parsing. The default value of this variable is 0, meaning the request size is unlimited."

Date | User | Action | Args
2015-04-14 17:58:05 | deadpixi | set | recipients: + deadpixi
2015-04-14 17:58:05 | deadpixi | set | messageid: <1429034285.17.0.254053228622.issue23952@psf.upfronthosting.co.za>
2015-04-14 17:58:05 | deadpixi | link | issue23952 messages
2015-04-14 17:58:05 | deadpixi | create |
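
Applying the limit described in the message, as an added example that is not part of the original tracker message or of CPython. `parse_post`, `simulate` and `MAX_POST_BYTES` are names assumed here, the request bodies are constructed, and when the `cgi` module cannot be imported the function applies the same comparison on `CONTENT_LENGTH` by hand.

```python
import io
import urllib.parse
import warnings

try:
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        import cgi  # deprecated in Python 3.11, absent from 3.13 onward
except ImportError:
    cgi = None

MAX_POST_BYTES = 64 * 1024  # assumed cap for this example; size it to your forms


def parse_post(environ, body_stream, limit=MAX_POST_BYTES):
    """Return the form fields as {name: first value}; ValueError if too large."""
    if cgi is not None:
        cgi.maxlen = limit  # module-wide global: affects every later parse
        form = cgi.FieldStorage(fp=body_stream, environ=environ)
        return {key: form.getfirst(key) for key in form.keys()}
    # Fallback when cgi is unavailable: same comparison on CONTENT_LENGTH.
    declared = int(environ.get("CONTENT_LENGTH", 0))
    if limit and declared > limit:
        raise ValueError("Maximum content length exceeded")
    raw = body_stream.read(declared).decode("utf-8", "replace")
    return {k: v[0] for k, v in urllib.parse.parse_qs(raw).items()}


def simulate(body, limit=MAX_POST_BYTES):
    """Run parse_post on a constructed request; return the fields or the error text."""
    environ = {
        "REQUEST_METHOD": "POST",
        "CONTENT_TYPE": "application/x-www-form-urlencoded",
        "CONTENT_LENGTH": str(len(body)),
    }
    try:
        return parse_post(environ, io.BytesIO(body), limit)
    except ValueError as exc:
        return "rejected: %s" % exc


if __name__ == "__main__":
    print(simulate(b"name=alice&comment=hello"))  # small constructed body
    print(simulate(b"blob=" + b"A" * 200_000))    # constructed oversized body
```

The comparison is made against the declared `CONTENT_LENGTH` before the body is read, so an oversized request is refused without buffering it.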