I'd be willing to bet Commons does the same thing, but I don't know for sure. Anyone reading this able to illuminate us?
Yeah, I know what you mean... lousy kids these days, busting up all my code! :) (We'll ignore that my code probably should have been more robust!) Unfortunately I used to BE one of those kids. Hopefully they learn what's right and what's wrong like I did, before they do serious damage and/or wind up in jail. It only cost me a $600 phone bill back in '85 to learn my lesson as a teen, but things weren't as crazy back then as they are now. I don't get the feeling people are too interested in slapping kids on the wrist any more, it seems a hacker is just as likely to wind up in jail as a rapist is nowadays. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Mon, March 7, 2005 2:16 pm, Leon Rosenberg said: > I used (sometimes still using) o'reillys file upload utility > (com.oreilly.servlet.MultipartRequest). > You can tell the MultipartRequest how much data you actually want to have. > The problem is, that > It uploads all_the_data (at least done in earlier versions) and determines > then, that the file was too > large and should be refused. This means, that you actually receive 1 gig > of > data (ok, one gig isn't possible due to timeouts, but 10-50 Mbs are) just > to > tell the user, that you wanted 100K? > > Ok, in our time, it's not a problem was sasser kids to bring down you > server > just by filling the complete bandwidth (except you are akamai-ed, but this > is quite expensive), but you shouldn't make it too easy for them too, > right? > > Regards > Leon > > > >> -----Ursprüngliche Nachricht----- >> Von: Frank W. Zammetti [mailto:[EMAIL PROTECTED] >> Gesendet: Montag, 7. März 2005 20:05 >> An: Struts Users Mailing List >> Betreff: Re: AW: DownloadAction Application >> >> FYI, Commons Fileupload DOES have a max feature. Not sure >> what happens when the max is reached, but its there. >> >> -- >> Frank W. Zammetti >> Founder and Chief Software Architect >> Omnytex Technologies >> http://www.omnytex.com >> >> On Mon, March 7, 2005 1:50 pm, Leon Rosenberg said: >> >> >> >> HTML/HTTP doesn't support that, IMHO. The <input >> type="file"...> tag >> >> just grabs the file and starts sending it. The server has >> no clue how >> >> large the file is until the entire thing arrives. >> > >> > That is what I know too. And this is ugly. >> > IMHO it's a fat security hole, since it's really easy for a script >> > kidie to create an upload script and kill yourself with meaningless >> > data instead of pix or whatever you permit to upload. >> > >> > Maybe a small signed java applet could close this hole? >> > I would participate in writing one, if it's for interest to >> more people. >> > >> > Regards >> > Leon >> > >> > >> > >> > >> --------------------------------------------------------------------- >> > To unsubscribe, e-mail: [EMAIL PROTECTED] >> > For additional commands, e-mail: [EMAIL PROTECTED] >> > >> > >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
