[Twisted-Python] HTTP versions

Itamar Shtull-Trauring itamar at itamarst.org
Mon Jun 2 00:55:01 EDT 2003

On Sun, 1 Jun 2003 22:22:36 -0600
Andrew Dalke <dalke at dalkescientific.com> wrote:

> The Message is used only for parsing the headers, so file uploads
> aren't relevant.  As it is now, the headers are processed, line by
> line. Partial lines are stored in-memory as "__header", when a full
> line, including continuations, is read, it's passed to an in-memory
> dict, which is eventually passed to the Request.  There's no disk
> involvement at all, and this is all that I plan to change.

I'm pretty sure cgi.FieldStorage parses *everything*, headers, file
uploads, request args, etc, and so we may as well use that. You can see
my patch somewhere around the 0.99.7 release, IIRC, in CVS (check out
the viewcvs web interface to find it).

> BTW, is there a way to limit the amount of data which can be passed
> in a header?  I don't like the potential DoS attack possible either
> through dumping 1GB of header to the server, or by the hash collision
> attack mentioned recently on c.l.py.  One solution is to do as Apache
> does and limit the header to N bytes total.

Lines length is limited by LineReceiver class.

> Oh, I understand that.  Is there a reason to keep the historical
> differences?  I think there should be a migration path to make
> Twisted use more of existing Python libraries.

A migration path isn't necessary. If you can make Twisted be shorter,
less buggy by using Python standard lib, feel free. Just as long as its
backwards compatible.

> Understood.  I don't think that interface code will change all
> that much, except that I would like a 2-ple version ... ahh! I
> can just make a "version" and a "version_tuple", rather like
> what Python does.  Those are just attributes, after all.

Right, that's the general approach.

Itamar Shtull-Trauring    http://itamarst.org/
http://www.zoteca.com -- Python & Twisted consulting

More information about the Twisted-Python mailing list