struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dakota Jack <dakota.j...@gmail.com>
Subject Re: AW: DownloadAction Application
Date Mon, 07 Mar 2005 19:55:57 GMT
Remember that this is all a stream and there has to be a way to say
STOP!  So, if you really want to solve this problem in spades, it
clearly is possible.  I am satisfied to make sure that the reading of
the request object is not utilized to write to output streams at
certain levels.  If you want to actually control the input streams,
you could do that, but it would be more.

HEH!  My question was about DOWNLOADS!

Jack


On Mon, 7 Mar 2005 20:16:54 +0100, Leon Rosenberg
<struts_user@anotheria.net> wrote:
> I used (sometimes still using) o'reillys file upload utility
> (com.oreilly.servlet.MultipartRequest).
> You can tell the MultipartRequest how much data you actually want to have.
> The problem is, that
> It uploads all_the_data (at least done in earlier versions) and determines
> then, that the file was too
> large and should be refused. This means, that you actually receive 1 gig of
> data (ok, one gig isn't possible due to timeouts, but 10-50 Mbs are) just to
> tell the user, that you wanted 100K?
> 
> Ok, in our time, it's not a problem was sasser kids to bring down you server
> just by filling the complete bandwidth (except you are akamai-ed, but this
> is quite expensive), but you shouldn't make it too easy for them too, right?
> 
> Regards
> Leon
> 
> > -----Ursprüngliche Nachricht-----
> > Von: Frank W. Zammetti [mailto:fzlists@omnytex.com]
> > Gesendet: Montag, 7. März 2005 20:05
> > An: Struts Users Mailing List
> > Betreff: Re: AW: DownloadAction Application
> >
> > FYI, Commons Fileupload DOES have a max feature.  Not sure
> > what happens when the max is reached, but its there.
> >
> > --
> > Frank W. Zammetti
> > Founder and Chief Software Architect
> > Omnytex Technologies
> > http://www.omnytex.com
> >
> > On Mon, March 7, 2005 1:50 pm, Leon Rosenberg said:
> > >>
> > >> HTML/HTTP doesn't support that, IMHO. The <input
> > type="file"...> tag
> > >> just grabs the file and starts sending it. The server has
> > no clue how
> > >> large the file is until the entire thing arrives.
> > >
> > > That is what I know too. And this is ugly.
> > > IMHO it's a fat security hole, since it's really easy for a script
> > > kidie to create an upload script and kill yourself with meaningless
> > > data instead of pix or whatever you permit to upload.
> > >
> > > Maybe a small signed java applet could close this hole?
> > > I would participate in writing one, if it's for interest to
> > more people.
> > >
> > > Regards
> > > Leon
> > >
> > >
> > >
> > >
> > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > > For additional commands, e-mail: user-help@struts.apache.org
> > >
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > For additional commands, e-mail: user-help@struts.apache.org
> >
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 
> 


-- 
"You can lead a horse to water but you cannot make it float on its back."
~Dakota Jack~

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message