On Wed, 2007-06-13 at 13:53 +0800, Nimrod A. Abing wrote:
> Hello,
> 
> Regarding very large file uploads, I know this probably gets asked a
> lot and I've found one thread that comes close to the answer I'm
> looking for:
> 
> http://groups.google.com/group/django-users/browse_thread/thread/ca95963aaa33ce1e/c69fb3381885f9a7
> 
> This thread was posted about a year ago and I cannot find any
> follow-ups to this discussion. I am running Django using mod_python
> and my question is: What happens when a very large file is uploaded?
> Does it all get stored in memory or is it stored in a temp file and
> accessed as a byte stream?

See ticket #2070. The final patch there is awaiting some review time
from one of the core developers, but should be pretty close to final
now.

> 
> I want to be able to allow very large file uploads but I want to make
> sure an upload does not use up all the memory on the machine.
> 
> Regarding cookie-less visitors or visitors with cookies disabled on
> their browser or proxy. Django, with the SessionMiddleware, will
> always create a new session and send a new session id as a cookie to
> the browser. Even with just the HEAD script from libwww-perl, I am
> able to get the site to issue new sessions with every HEAD request.
> What happens if a script kiddie hammers the site with so many HEAD
> requests? 

The difficulty is distinguishing between when the user needs a session
and when they don't. If your site uses the session middleware and a DOS
attack of this nature is possible, you need to defend against it at a
higher layer (web server or firewall). Django doesn't track the IP
address for session cookies (since they aren't tied to a particular IP
address), so there's no way to determine the problem exists at the
Django level.

You could build a middleware that tracks this information fairly easily,
though, and use that as a defensive layer as well.

> Do dead/unused sessions pile up on the sessions table? Does
> Django do anything to mitigate this or at least clean up dead/unused
> sessions automatically?

No. However, there is a script in django/bin called daily_cleanup.py
that you can put in a cronjob to clean up expired sessions. Again,
because of lack of IP address tracking or anything of that nature, only
expired cookies can be cleaned up by this process.

Regards,
Malcolm
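
The tracking middleware suggested in the reply above, as an added example that is not part of the original message or of Django itself: it counts, per client address, requests that arrive without a session cookie and answers 429 once a threshold is passed. Current-style Django middleware is assumed, and the class names, window and threshold are hypothetical. It has to be listed before SessionMiddleware so that a rejected request never reaches the session code.

```python
import time
from collections import defaultdict, deque

SESSION_COOKIE = "sessionid"  # Django's default SESSION_COOKIE_NAME
WINDOW_SECONDS = 60           # assumed window, tune per site
MAX_COOKIELESS = 20           # assumed threshold per address per window


class CookielessTracker:
    """Sliding-window count, per client address, of requests with no session cookie."""

    def __init__(self, limit=MAX_COOKIELESS, window=WINDOW_SECONDS,
                 clock=time.monotonic, max_ips=100_000):
        self.limit, self.window, self.clock = limit, window, clock
        self.max_ips = max_ips
        self.hits = defaultdict(deque)  # per process; use a shared cache across workers

    def over_limit(self, ip):
        now = self.clock()
        q = self.hits[ip]
        while q and now - q[0] > self.window:  # drop hits older than the window
            q.popleft()
        q.append(now)
        if len(self.hits) > self.max_ips:      # bound memory: forget idle addresses
            idle = [k for k, v in self.hits.items() if now - v[-1] > self.window]
            for k in idle:
                del self.hits[k]
        return len(q) > self.limit


def _django_429():
    from django.http import HttpResponse  # lazy import: only needed inside Django
    return HttpResponse("Too many requests", status=429)


class SessionFloodMiddleware:
    """Hypothetical middleware; Django calls it with get_response only."""

    def __init__(self, get_response, tracker=None, deny=_django_429):
        self.get_response = get_response
        self.tracker = tracker or CookielessTracker()
        self.deny = deny

    def __call__(self, request):
        # REMOTE_ADDR is the proxy's address when the site sits behind one.
        ip = request.META.get("REMOTE_ADDR", "")
        # Only the cookie's presence is checked here, not its validity.
        if SESSION_COOKIE not in request.COOKIES and self.tracker.over_limit(ip):
            return self.deny()
        return self.get_response(request)
```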

