Roundup Tracker - Issues

Issue 2551266

classification
Support limiting POST (file upload) size
Type: behavior Severity: normal
Components: Web interface Versions:
process
Status: new
: : rouilj
Priority: : Effort-Low

Created on 2023-02-27 14:29 by rouilj, last changed 2023-02-27 14:29 by rouilj.

Messages
msg7735 Author: [hidden] (rouilj) Date: 2023-02-27 14:29
With the cgi module you can limit the size of a POST request used for uploading files.

   import cgi

   # Maximum input we will accept when REQUEST_METHOD is POST
   # 0 ==> unlimited input
   cgi.maxlen = 10 * 1024 * 1024 # 10MB

(https://webpy.org/cookbook/limiting_upload_size)

If there is just one file uploaded, this places a maximum size limit
on the file. Roundup can attach multiple files in one POST request.
So this isn't really useful for limiting the attached file size.
An auditor is a better choice to limit attached file size.

However this can be a good defense against a DOS attack for large POST
requests that try to eat all the disk space or memory while handling
the POST.

I suggest adding the setting to the [web] section of the configuration
file. Default value of 0 (no limit, same as current). I think megabyte
units make sense for this. Make value a floating point number, so you
can express kb, bytes etc. if needed. Value is converted to bytes for
use internally.
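
The setting proposed above, sketched as an added example (not part of the original issue and not Roundup's code): a [web] option given in fractional megabytes is converted to bytes and then enforced while reading a WSGI request body. The option name `max_post_size_mb`, the `PostTooLarge` exception and both function names are assumptions made for illustration.

```python
import configparser

# Constructed sample config; "max_post_size_mb" is a hypothetical option name.
SAMPLE_CONFIG = "[web]\nmax_post_size_mb = 0.5\n"

class PostTooLarge(Exception):
    """Body exceeds the configured limit (a server would answer HTTP 413)."""

def load_limit_bytes(config_text):
    """Return the POST limit in bytes; 0 means unlimited, as proposed."""
    cp = configparser.ConfigParser()
    cp.read_string(config_text)
    mb = cp.getfloat("web", "max_post_size_mb", fallback=0.0)
    if mb < 0:
        raise ValueError("max_post_size_mb must be >= 0")
    return int(mb * 1024 * 1024)

def read_post_body(environ, limit, chunk=64 * 1024):
    """Read a WSGI request body, refusing anything over `limit` bytes."""
    declared = environ.get("CONTENT_LENGTH") or ""
    remaining = None
    if declared:
        remaining = int(declared)
        if remaining < 0:
            raise ValueError("negative CONTENT_LENGTH")
        # Cheap check first: reject before a single body byte is read.
        if limit and remaining > limit:
            raise PostTooLarge(f"declared {remaining} > limit {limit}")
    body = bytearray()
    stream = environ["wsgi.input"]
    while remaining is None or remaining > 0:
        want = chunk if remaining is None else min(chunk, remaining)
        data = stream.read(want)
        if not data:
            break
        body += data
        if remaining is not None:
            remaining -= len(data)
        # The header may be absent, so also count what actually arrives.
        if limit and len(body) > limit:
            raise PostTooLarge(f"received more than {limit} bytes")
    return bytes(body)
```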
History
Date User Action Args
2023-02-27 14:29:32 rouilj create