cgi module should handle large post attack

[yueluo]

BPO	758665
Nosy	@akuchling

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = 'https://github.com/akuchling'
closed_at = <Date 2004-06-05.19:12:57.000>
created_at = <Date 2003-06-22.05:20:20.000>
labels = ['extension-modules', 'invalid']
title = 'cgi module should handle large post attack'
updated_at = <Date 2004-06-05.19:12:57.000>
user = 'https://bugs.python.org/yueluo'

bugs.python.org fields:

activity = <Date 2004-06-05.19:12:57.000>
actor = 'akuchling'
assignee = 'akuchling'
closed = True
closed_date = None
closer = None
components = ['Extension Modules']
creation = <Date 2003-06-22.05:20:20.000>
creator = 'yueluo'
dependencies = []
files = []
hgrepos = []
issue_num = 758665
keywords = []
message_count = 4.0
messages = ['16577', '16578', '16579', '16580']
nosy_count = 3.0
nosy_names = ['akuchling', 'insomnike', 'yueluo']
pr_nums = []
priority = 'normal'
resolution = 'not a bug'
stage = None
status = 'closed'
superseder = None
type = None
url = 'https://bugs.python.org/issue758665'
versions = []

[yueluo]

Currently, the FieldStorage class will try to read in all
the client's input to the cgi script. This may result in
deny of service attack if the client tries to post huge
amount of data. I wonder if FieldStorage could take a
parameter limiting the max post size just like the
$CGI::POST_MAX in Perl CGI.pm module.

[yueluo]

Logged In: YES
user_id=806666

Also, a parameter like Perl's $CGI::DISABLE_UPLOADS is also a
good idea.

[insomnike]

Logged In: YES
user_id=1057404

cgi.py does support a cgi.maxlen variable which can be used
for this purpose. It defaults to 0, however.

[akuchling]

Logged In: YES
user_id=11375

Closing.