Re: File uploading methods compared

I just want to mention mhl2003's comment about

you can set the $CGI::POST_MAX and $CGI::DISABLE_UPLOADS to specify the maximum bytesize of a file that can be uploaded and to enable/disable file uploads, respectively. The link above contains information on those variables as well.

I don't do cgi much, but the last time I messed with it, there was a problem with using $CGI::POST_MAX , in that it will actully start uploading the file and continue until the MAX is exceeded. This can be a problem with big files, since it could be used as a "Denial-of-service" attack, where someone could purposely upload large oversized files, and bog down your server. The $ENV{CONTENT_LENGTH} is sent right away, so the cgi script, can cancel the upload immediately.

This may have been fixed, but I would stick with $ENV{CONTENT_LENGTH}.

I'm not really a human, but I play one on earth. flash japh

Comment on Re: File uploading methods compared

Replies are listed 'Best First'.
Re^2: File uploading methods compared by Anonymous Monk on May 15, 2005 at 12:39 UTC
I don't do cgi much, but the last time I messed with it, there was a problem with using $CGI::POST_MAX , in that it will actully start uploading the file and continue until the MAX is exceeded. That because of the nature of HTTP. If you want the client to receive a HTTP response, you have to wait for his HTTP request, and by the time perl starts reading from STDIN, the webserver has probably received all the data the client had to send. Some clients don't specify CONTENT_LENGTH.	[reply]

Replies are listed 'Best First'.

Re^2: File uploading methods compared
by Anonymous Monk on May 15, 2005 at 12:39 UTC

I don't do cgi much, but the last time I messed with it, there was a problem with using $CGI::POST_MAX , in that it will actully start uploading the file and continue until the MAX is exceeded.

Some clients don't specify CONTENT_LENGTH.

[reply]