What does upload allowed mean?

rhunter007

I know there is a setting in php.ini ("file_uploads") which decides whether php uploads are allowed or not. My question is, how does the php/web server act differently based on this setting?

Put another way, what happens if I write a loop that sends say 1 meg of data for each iteration in the form of HTTP POST file uploads to a server running PHP? If the file_uploads setting is off, is the bandwidth of the server still wasted? If so, then isn't this a trivial resource-hogging attack?

chads2k2

I might be wrong here, so don't use this like a data sheet or anything but as to my understanding that your PHP.ini file will also have a timeout rate set. This will prevent you sitting there for hours sending MB's to the server without any protection. Also your web browser will have timeouts as well. I think 90 sec. is the default. Just don't quote me on that one. 🙂 That is just my understanding, but great question!!

Chad