I used (and sometimes still use) O'Reilly's file upload utility
(com.oreilly.servlet.MultipartRequest).
You can tell the MultipartRequest how much data you actually want to have.
The problem is that it uploads all_the_data (at least it did in earlier
versions) and only then determines that the file was too large and should be
refused. This means that you actually receive 1 gig of data (ok, one gig
isn't possible due to timeouts, but 10-50 MB are) just to tell the user that
you wanted 100K?

Ok, in our time it's not a problem for sasser kids to bring down your server
just by filling the complete bandwidth (unless you are Akamai-ed, but this
is quite expensive), but you shouldn't make it too easy for them either, right?

Regards
Leon



> -----Original Message-----
> From: Frank W. Zammetti [mailto:[EMAIL PROTECTED]
> Sent: Monday, 7 March 2005 20:05
> To: Struts Users Mailing List
> Subject: Re: AW: DownloadAction Application
> 
> FYI, Commons Fileupload DOES have a max feature.  Not sure
> what happens when the max is reached, but it's there.
> 
> --
> Frank W. Zammetti
> Founder and Chief Software Architect
> Omnytex Technologies
> http://www.omnytex.com
> 
> On Mon, March 7, 2005 1:50 pm, Leon Rosenberg said:
> >>
> >> HTML/HTTP doesn't support that, IMHO. The <input type="file"...> tag
> >> just grabs the file and starts sending it. The server has no clue how
> >> large the file is until the entire thing arrives.
> >
> > That is what I know too. And this is ugly.
> > IMHO it's a fat security hole, since it's really easy for a script
> > kiddie to create an upload script and kill yourself with meaningless
> > data instead of pix or whatever you permit to upload.
> >
> > Maybe a small signed java applet could close this hole?
> > I would participate in writing one, if it's of interest to more people.
> >
> > Regards
> > Leon



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
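
The concern raised in this thread is a size limit that is only applied after the whole body has been received. As an added example (not code from the thread, from com.oreilly.servlet or from Commons FileUpload), one way to enforce the limit while the data is still arriving: refuse on the declared Content-Length first, then cap the bytes actually read. The class and method names are hypothetical, and the in-memory streams are constructed stand-ins for a servlet request body.

```java
import java.io.*;

/** Hypothetical helper (not from either library): caps an upload while it is still arriving. */
public class UploadLimitDemo {
    /** Throws as soon as more than maxBytes have been read from the wrapped stream. */
    static class CappedInputStream extends FilterInputStream {
        private final long maxBytes;
        private long seen;
        CappedInputStream(InputStream in, long maxBytes) { super(in); this.maxBytes = maxBytes; }

        @Override public int read() throws IOException {
            int b = super.read();
            if (b != -1) count(1);
            return b;
        }

        @Override public int read(byte[] buf, int off, int len) throws IOException {
            int n = super.read(buf, off, len);
            if (n > 0) count(n);
            return n;
        }
        private void count(int n) throws IOException {
            seen += n;
            if (seen > maxBytes) throw new IOException("upload exceeds " + maxBytes + " bytes");
        }
    }

    /** declaredLength: the request's Content-Length, or -1 when the client sent none. */
    static long receive(InputStream body, long declaredLength, long maxBytes) throws IOException {
        if (declaredLength > maxBytes)               // refuse before reading a single byte
            throw new IOException("declared length " + declaredLength + " is over the limit");
        long total = 0;
        byte[] buf = new byte[8192];
        try (InputStream in = new CappedInputStream(body, maxBytes)) {
            for (int n; (n = in.read(buf)) != -1; ) total += n;  // real code would store the data
        }
        return total;
    }

    public static void main(String[] args) throws IOException {
        long limit = 100 * 1024;                     // the 100K limit from the message
        byte[] small = new byte[50_000], huge = new byte[10 * 1024 * 1024];  // constructed bodies
        System.out.println("accepted " + receive(new ByteArrayInputStream(small), small.length, limit));
        try {
            receive(new ByteArrayInputStream(huge), -1, limit);  // no usable Content-Length
        } catch (IOException e) {
            System.out.println("rejected early: " + e.getMessage());
        }
    }
}
```

With the constructed 10 MB body, reading stops at the first 8 KB buffer that crosses the limit (about 104 KB read) rather than after the whole body.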
