commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nitin Anande <nitin.ana...@oracle.com>
Subject RE: [fileupload]:Storing file on disk temporarily
Date Tue, 13 Jul 2010 16:47:25 GMT
Hi,

I have set max file size in ServletFileUpload to 2MB.Because of that exception gets thrown
when uploading file's is greater than 2MB.

If suppose user trying uploading file of size of 300MB,is that whole file gets loaded in memory
for checking file size? 

 

Thanks and Regards,

 

Oracle logo.gif
Nitin Anande | Associate Consultant | +91 20 6670 7616 (O) +91 99752 45341 (M)
Oracle Financial Services PrimeSourcing
Pune, India

 

Oracle Financial Services Software Limited was formerly i-flex solutions limited.

HYPERLINK "http://www.oracle.com/commitment" \nGreen Oracle

Oracle is committed to developing practices and products that help protect the environment

 

 

From: Steven Siebert [mailto:smsiebe@gmail.com] 
Sent: Tuesday, July 13, 2010 9:31 PM
To: Commons Users List
Subject: Re: [fileupload]:Storing file on disk temporarily

 

Hi Nitin,

One use case for this is file size.  If the file you are uploading is quite large, it's often
a good idea to use a temp file on disk so that the entire contents of the file aren't stored
in memory before processing.  So, for example, if your client is uploading a >25MB file,
instead of reading it into an InputStream (memory) and then processing it into a byte[] to
store into the database, you can create the temp file and then process the file in chunks
(to save memory).  This is very true if you need to do pre-processing on the file before you
store it to the DB (as you indicated you'll be doing).  If the file is a giant XML file, for
example, you can stream the contents through your processor to again reduce memory usage.

It should be noted, though, that saving files to disk may be a security issue.  If the user
is able to upload executable files, they then have an executable on the file system.  Executing
the file (post upload) could be as simple as exploiting a known buffer overflow attack....Your
UI (and pre-file storage logic) can help prevent against this.

Another con to this approach, of course, is that you're taking a processor (resource) hit
for a memory (resource) gain.  On most modern web servers (in my experience), memory is usually
the short supply in that equation.

Needs of the system should dictate how you approach this, of course =)

I hope this helped!

S

On Tue, Jul 13, 2010 at 10:59 AM, Nitin Anande <HYPERLINK "mailto:nitin.anande@oracle.com"nitin.anande@oracle.com>
wrote:

Hi,

I have Common FileUpload for uploading file on DB.Can you please tell me the pros and cons
for storing file on disk temporarily till request processing?

Your help will be highly appreciated.

 

Thanks and Regards,

 

Oracle logo.gif
Nitin Anande | Associate Consultant | +91 20 6670 7616 (O) +91 99752 45341 (M)
Oracle Financial Services PrimeSourcing
Pune, India

 

Oracle Financial Services Software Limited was formerly i-flex solutions limited.

HYPERLINK "http://www.oracle.com/commitment" \nGreen Oracle

Oracle is committed to developing practices and products that help protect the environment

 

 



---------------------------------------------------------------------
To unsubscribe, e-mail: HYPERLINK "mailto:user-unsubscribe@commons.apache.org"user-unsubscribe@commons.apache.org
For additional commands, e-mail: HYPERLINK "mailto:user-help@commons.apache.org"user-help@commons.apache.org

 

Mime
View raw message