commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steven Siebert <smsi...@gmail.com>
Subject Re: [fileupload]:Storing file on disk temporarily
Date Tue, 13 Jul 2010 19:31:46 GMT
Nitin,

Reading FileItemIteratorImpl, it looks like it's getting this value from the
headers, not from post-InputStream reading.  I think this could still depend
on your web container (app server), and what they might do when creating the
context (I don't know how every vendor does it)....but it looks like your
safe with the FileUpload lib.

Cheers,

S

On Tue, Jul 13, 2010 at 12:47 PM, Nitin Anande <nitin.anande@oracle.com>wrote:

>  Hi,
>
> I have set max file size in ServletFileUpload to 2MB.Because of that
> exception gets thrown when uploading file’s is greater than 2MB.
>
> If suppose user trying uploading file of size of 300MB,is that whole file
> gets loaded in memory for checking file size?
>
>
>
> *Thanks and Regards**,*
>
>
>
> [image: Oracle logo.gif]
> Nitin Anande | Associate Consultant | +91 20 6670 7616 (O) +91 99752 45341
> (M)
> Oracle Financial Services PrimeSourcing
> Pune, India
>
>
>
> Oracle Financial Services Software Limited was formerly i-flex solutions
> limited.
>
> [image: Green Oracle] <http://www.oracle.com/commitment>
>
> Oracle is committed to developing practices and products that help protect
> the environment
>
>
>
>
>
> *From:* Steven Siebert [mailto:smsiebe@gmail.com]
> *Sent:* Tuesday, July 13, 2010 9:31 PM
> *To:* Commons Users List
> *Subject:* Re: [fileupload]:Storing file on disk temporarily
>
>
>
> Hi Nitin,
>
>
> One use case for this is file size.  If the file you are uploading is quite
> large, it's often a good idea to use a temp file on disk so that the entire
> contents of the file aren't stored in memory before processing.  So, for
> example, if your client is uploading a >25MB file, instead of reading it
> into an InputStream (memory) and then processing it into a byte[] to store
> into the database, you can create the temp file and then process the file in
> chunks (to save memory).  This is very true if you need to do pre-processing
> on the file before you store it to the DB (as you indicated you'll be
> doing).  If the file is a giant XML file, for example, you can stream the
> contents through your processor to again reduce memory usage.
>
> It should be noted, though, that saving files to disk may be a security
> issue.  If the user is able to upload executable files, they then have an
> executable on the file system.  Executing the file (post upload) could be as
> simple as exploiting a known buffer overflow attack....Your UI (and pre-file
> storage logic) can help prevent against this.
>
> Another con to this approach, of course, is that you're taking a processor
> (resource) hit for a memory (resource) gain.  On most modern web servers (in
> my experience), memory is usually the short supply in that equation.
>
> Needs of the system should dictate how you approach this, of course =)
>
> I hope this helped!
>
> S
>
> On Tue, Jul 13, 2010 at 10:59 AM, Nitin Anande <nitin.anande@oracle.com>
> wrote:
>
> Hi,
>
> I have Common FileUpload for uploading file on DB.Can you please tell me
> the pros and cons for storing file on disk temporarily till request
> processing?
>
> Your help will be highly appreciated.
>
>
>
> *Thanks and Regards**,*
>
>
>
> [image: Oracle logo.gif]
> Nitin Anande | Associate Consultant | +91 20 6670 7616 (O) +91 99752 45341
> (M)
> Oracle Financial Services PrimeSourcing
> Pune, India
>
>
>
> Oracle Financial Services Software Limited was formerly i-flex solutions
> limited.
>
> [image: Green Oracle] <http://www.oracle.com/commitment>
>
> Oracle is committed to developing practices and products that help protect
> the environment
>
>
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@commons.apache.org
> For additional commands, e-mail: user-help@commons.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@commons.apache.org
> For additional commands, e-mail: user-help@commons.apache.org
>

Mime
  • Unnamed multipart/related (inline, None, 0 bytes)
View raw message