cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sylvain Wallez <sylv...@apache.org>
Subject Re: Handling oversized uploads with the application
Date Thu, 18 Aug 2005 19:35:53 GMT
Geoff Howard wrote:

>I'll de-lurk for a minute to say - sounds good to me.  Better than
>what we have now.
>
>If you're looking to consider alternatives as well, IIRC there was
>some discussion of implementing a delayed wrapper around the multipart
>parsing to allow finer-grained control of when, how, and if the parts
>were actually parsed.
>  
>

Yes, IIRC that was the discussion on "environment adapters".

>The problem with the pre-parsing of the upload as it is now is that it
>is all or nothing - you have to turn on multipart uploads for every
>uri in cocoon's space (which is infinite).
>

With the RejectedPart (formerly proposed as InvalidPart) we could have 
uploads always turned on, but with a small maximum size as the default 
in web.xml, thus protecting applications from large uploads DoS attacks 
yet still allowing multipart/form-data requests to be processed by Cocoon.

The flexibility that would be missing compared to controlling this at 
the sitemap level is allowing different maximum sizes depending on the 
application area, e.g. allowing large uploads in protected areas where 
as public ones would strongly limit their sizes. Now this is something 
that we may envision later and that will anyway produce RejectedParts as 
the current proposal.

>Since I can't really
>produce code on this now personally, I'll just toss it out as a
>helpful reminder of past discussions.
>  
>

Thanks for it :-)

Sylvain

-- 
Sylvain Wallez                        Anyware Technologies
http://people.apache.org/~sylvain     http://www.anyware-tech.com
Apache Software Foundation Member     Research & Technology Director


Mime
View raw message