I`m writing a forum with possibility of attachments and looking for a way to refuse over-sized uploads. Validator IS_LENGTH() checks for upload file size, but only after the whole file transfered to server. This may be a security issue, since several attackers can start to upload Gb files to server simultaneously and overload it.
I searched but did not found how web2py can refuse an upload before it started. But I found that if I add this line to *copystream_progress*function in *gluon\main.py:* if size>1000000: raise HTTP(403, "file size > 1mb, refused") - this works and does not allow over-sized file to go through. Is this a possible way to deal with this problem? Or did I brake something if I ad such line to *copystream_progress*? May be there is already implemented in web2py way? -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
