struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ralf Hauser (JIRA)" <j...@apache.org>
Subject [jira] Commented: (STR-1705) [upload] Document how to use web.xml "maxFileSize" and how to deal with "MaxLengthExceededException"
Date Wed, 14 Mar 2007 13:01:08 GMT

    [ https://issues.apache.org/struts/browse/STR-1705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_40551
] 

Ralf Hauser commented on STR-1705:
----------------------------------

see also STR-1955 and now with full URL http://issues.apache.org/bugzilla/show_bug.cgi?id=36351

> [upload] Document how to use web.xml "maxFileSize" and how to deal with "MaxLengthExceededException"
> ----------------------------------------------------------------------------------------------------
>
>                 Key: STR-1705
>                 URL: https://issues.apache.org/struts/browse/STR-1705
>             Project: Struts 1
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: 1.0 Final
>         Environment: Operating System: other
> Platform: Other
>            Reporter: Ralf Hauser
>         Assigned To: Struts Developers
>            Priority: Minor
>
> As per the above-referenced mailing list discussion thread, I run into two problems:
> 1) the browser appears to upload the entire file that is bigger than the
> maxFileSize and only after completing the upload, MaxLengthExceededException is
> thrown. (If that is really true, this is not particularly defensive against
> denial of service attacks)
> 2) I get the MaxLengthExceededException as a stack-trace, but it doesn't appear
> that I can catch this exception in any of my "struts.jar-user" .java files.
> ------
> 3) Also, is there a way not to specify this on the global web.xml level, but on
> a case by case basis? Depending on the user classes I attribute a user-session
> to, I would like to vary this value: highly trusted users shall be able to
> upload more than anonymous users.
> Since after quite some searching, I didn't find an answer to this, I suggest to
> enhance the documentation correspondingly.
> or more recent post to the same topic:
> http://marc.theaimsgroup.com/?l=struts-user&m=104332226122935&w=2

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message