filesize info in header
Posted: Sun May 10, 2009 5:51 am
I'm building a website which allows users to put the URL of their text files in a querry parameter. Ex:
process.php?loc=http://domain.com/user/filename.txt
My PHP scripts always load the contents of these textfiles and that's why I need to check the filesize of these files, to prevent my site from crashing. But now, I got a bigger question. What if a hacker is able to change the filesize header info but in actuality the file is still extra large? Will Apache (I am using Apache) stop downloading the bits in excess of the declared filesize in the header or it will load the entire large file regardless of the the filesize header info?
process.php?loc=http://domain.com/user/filename.txt
My PHP scripts always load the contents of these textfiles and that's why I need to check the filesize of these files, to prevent my site from crashing. But now, I got a bigger question. What if a hacker is able to change the filesize header info but in actuality the file is still extra large? Will Apache (I am using Apache) stop downloading the bits in excess of the declared filesize in the header or it will load the entire large file regardless of the the filesize header info?