[Twisted-web] web2

Andrea Arcangeli andrea at cpushare.com
Thu Mar 17 16:29:31 MST 2005


On Thu, Mar 17, 2005 at 11:35:39AM -0800, Lenny G Arbage wrote:
> * btw, isn't this a security hole for any webserver
> running off of twisted-web.resource.Resource -based
> websites -- if a client does a post with
> multipart/form-data and then just streams data
> endlessly, the server process mushrooms to fill all
> available memory and swap?

I hope there is a limit to it. OTOH this is a memleak only, nevow
carryover has memleak possibilities too. So while in the long run it
would need to be fixed (as well as nevow carryover, with a simple
timestamp to collect the obsolete entries), this would be a minor
security issue after all.



More information about the Twisted-web mailing list