On 7/8/06, Erik Moeller <eloquence(a)gmail.com> wrote:
The archive could also contain a large number of files of normally
acceptable size (e.g. 100*1MB). Finally, keep in mind that an attacker
could upload multiple ZIP files in a row to spam the server.
Both of these problems may be less serious if temporary files are
thrown away immediately if they are not valid files. It's probably
still possible to generate huge files that pass the MIME check, but
not something a typical script kiddie could easily do.
Erik
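
An added example, not part of the original message: one way to unpack an uploaded ZIP so that many normally sized entries cannot add up past an aggregate budget, and so that temporary files that fail validation are deleted at once. The limits, the PNG-signature test standing in for the MIME check, and the names unpack_upload and make_zip are assumptions made for illustration.

```python
import io
import os
import tempfile
import zipfile

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # stand-in for the MIME check (assumption)

def unpack_upload(zip_bytes, dest_dir, max_entries=50,
                  max_entry=2 * 2**20, max_total=20 * 2**20):
    """Return (kept_paths, reason); reason is None if the archive was accepted."""
    kept, total = [], 0

    def abort(reason):
        for path in kept:          # throw away everything from this archive
            os.remove(path)
        return [], reason

    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        entries = [i for i in zf.infolist() if not i.is_dir()]
        if len(entries) > max_entries:
            return abort("too many entries")
        for info in entries:
            # Temp name is generated locally, never taken from the archive.
            fd, tmp = tempfile.mkstemp(dir=dest_dir)
            size, head = 0, b""
            with os.fdopen(fd, "wb") as out, zf.open(info) as src:
                # Count bytes actually produced; declared sizes are not trusted.
                while chunk := src.read(64 * 1024):
                    head = head or chunk[:8]
                    size += len(chunk)
                    if size > max_entry or total + size > max_total:
                        break
                    out.write(chunk)
            if total + size > max_total:
                os.remove(tmp)
                return abort("aggregate size limit exceeded")
            if size > max_entry or head != PNG_MAGIC:
                os.remove(tmp)     # invalid file: discard immediately
                continue
            total += size
            kept.append(tmp)
    return kept, None

def make_zip(files):
    """Build a constructed sample archive from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

Repeated uploads in a row are a separate concern that this per-archive check does not cover; that needs a per-user or per-address rate limit in front of it.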