Changes between Initial Version and Version 1 of Ticket #21231, comment 23
- Timestamp:
- Feb 4, 2014, 5:33:09 AM (11 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #21231, comment 23
initial v1 1 I just like to add that the fact that Django does not deal well with large form fields or multipart parts is an unexpected behaviour. Looking at the file upload features one would think that Django could cope well in use cases where we want to receive large file uploads, and so have our web server configured to allow large request bodies. In the case of "application/x-www-form-urlencoded" requests, large bodies should not be expected and normally we can filter them at the web server. But "multipart/form-data" requests are processed by the application, since we want to allow large FILE parts but not large FIELD parts, and itso it is there that safety measures need to be.1 I just like to add that the fact that Django does not deal well with large form fields or multipart parts is an unexpected behaviour. Looking at the file upload features one would think that Django could cope well in use cases where we want to receive large file uploads, and so have our web server configured to allow large request bodies. In the case of "application/x-www-form-urlencoded" requests, large bodies should not be expected and normally we can filter them at the web server. But "multipart/form-data" requests are processed by the application, since we want to allow large FILE parts but not large FIELD parts, and so it is there that safety measures need to be. 2 2 3 3 I know of several other sites that use Django, process large file uploads, which are susceptible to this issue. I've contacted the developers and they were indeed just as surprised as I was by this "feature" which I consider a security problem.