How to avoid tempfile generation for uploaded file ?

I don’t think this is a sensible tradeoff - there are plenty of better ways to make sure that temporary files aren’t executable. For instance, putting the directory on they’re in on a partition mounted with noexec (or just NOT EXECUTING them).

On the other hand, streaming them into memory makes it trivial to completely DDOS your server, by simply sending a file larger than the available RAM.

–Matt Jones