Return-Path: Delivered-To: apmail-commons-user-archive@www.apache.org Received: (qmail 49928 invoked from network); 13 Jul 2010 16:48:28 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 13 Jul 2010 16:48:28 -0000 Received: (qmail 15693 invoked by uid 500); 13 Jul 2010 16:48:27 -0000 Delivered-To: apmail-commons-user-archive@commons.apache.org Received: (qmail 15549 invoked by uid 500); 13 Jul 2010 16:48:26 -0000 Mailing-List: contact user-help@commons.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Commons Users List" Delivered-To: mailing list user@commons.apache.org Received: (qmail 15525 invoked by uid 99); 13 Jul 2010 16:48:26 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Jul 2010 16:48:26 +0000 X-ASF-Spam-Status: No, hits=-0.1 required=10.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [148.87.113.121] (HELO rcsinet10.oracle.com) (148.87.113.121) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Jul 2010 16:48:17 +0000 Received: from acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227]) by rcsinet10.oracle.com (Switch-3.4.2/Switch-3.4.2) with ESMTP id o6DGlOxj003971 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Tue, 13 Jul 2010 16:47:26 GMT Received: from acsmt353.oracle.com (acsmt353.oracle.com [141.146.40.153]) by acsinet15.oracle.com (Switch-3.4.2/Switch-3.4.1) with ESMTP id o6D5ZxLY025089 for ; Tue, 13 Jul 2010 16:47:23 GMT Received: from abhmt019.oracle.com by acsmt354.oracle.com with ESMTP id 401765371279039631; Tue, 13 Jul 2010 09:47:11 -0700 MIME-Version: 1.0 Message-ID: <19c8250a-ff82-43c3-9ba1-67657002b4c4@default> Date: Tue, 13 Jul 2010 09:47:25 -0700 (PDT) From: Nitin Anande To: Commons Users List Subject: RE: [fileupload]:Storing file on disk temporarily References: In-Reply-To: X-Priority: 3 X-Mailer: Oracle Beehive Extensions for Outlook 2.0.1.2.1.2 (406224) [OL 12.0.6300.5000] Content-Type: multipart/mixed; boundary="__127903963141355677abhmt019" X-Source-IP: acsmt353.oracle.com [141.146.40.153] X-Auth-Type: Internal IP X-CT-RefId: str=0001.0A0B020A.4C3C989C.00E4:SCFMA4539814,ss=1,fgs=0 X-Virus-Checked: Checked by ClamAV on apache.org --__127903963141355677abhmt019 Content-Type: multipart/alternative; boundary="__127903963141555678abhmt019" --__127903963141555678abhmt019 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Hi, I have set max file size in ServletFileUpload to 2MB.Because of that except= ion gets thrown when uploading file's is greater than 2MB. If suppose user trying uploading file of size of 300MB,is that whole file g= ets loaded in memory for checking file size?=20 =20 Thanks and Regards, =20 Oracle logo.gif Nitin Anande | Associate Consultant | +91 20 6670 7616 (O) +91 99752 45341 = (M) Oracle Financial Services PrimeSourcing Pune, India =20 Oracle Financial Services Software Limited was formerly i-flex solutions li= mited. HYPERLINK "http://www.oracle.com/commitment" \nGreen Oracle Oracle is committed to developing practices and products that help protect = the environment =20 =20 From: Steven Siebert [mailto:smsiebe@gmail.com]=20 Sent: Tuesday, July 13, 2010 9:31 PM To: Commons Users List Subject: Re: [fileupload]:Storing file on disk temporarily =20 Hi Nitin, One use case for this is file size. If the file you are uploading is quite= large, it's often a good idea to use a temp file on disk so that the entir= e contents of the file aren't stored in memory before processing. So, for = example, if your client is uploading a >25MB file, instead of reading it in= to an InputStream (memory) and then processing it into a byte[] to store in= to the database, you can create the temp file and then process the file in = chunks (to save memory). This is very true if you need to do pre-processin= g on the file before you store it to the DB (as you indicated you'll be doi= ng). If the file is a giant XML file, for example, you can stream the cont= ents through your processor to again reduce memory usage. It should be noted, though, that saving files to disk may be a security iss= ue. If the user is able to upload executable files, they then have an exec= utable on the file system. Executing the file (post upload) could be as si= mple as exploiting a known buffer overflow attack....Your UI (and pre-file = storage logic) can help prevent against this. Another con to this approach, of course, is that you're taking a processor = (resource) hit for a memory (resource) gain. On most modern web servers (i= n my experience), memory is usually the short supply in that equation. Needs of the system should dictate how you approach this, of course =3D) I hope this helped! S On Tue, Jul 13, 2010 at 10:59 AM, Nitin Anande wrote: Hi, I have Common FileUpload for uploading file on DB.Can you please tell me th= e pros and cons for storing file on disk temporarily till request processin= g? Your help will be highly appreciated. =20 Thanks and Regards, =20 Oracle logo.gif Nitin Anande | Associate Consultant | +91 20 6670 7616 (O) +91 99752 45341 = (M) Oracle Financial Services PrimeSourcing Pune, India =20 Oracle Financial Services Software Limited was formerly i-flex solutions li= mited. HYPERLINK "http://www.oracle.com/commitment" \nGreen Oracle Oracle is committed to developing practices and products that help protect = the environment =20 =20 --------------------------------------------------------------------- To unsubscribe, e-mail: HYPERLINK "mailto:user-unsubscribe@commons.apache.o= rg"user-unsubscribe@commons.apache.org For additional commands, e-mail: HYPERLINK "mailto:user-help@commons.apache= .org"user-help@commons.apache.org =20 --__127903963141555678abhmt019 Content-Type: multipart/related; boundary="__127903963141555679abhmt019" --__127903963141555679abhmt019 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 8bit

Hi,

I have set max file size in ServletFileUpload to 2MB.Because of that exception gets thrown when uploading file’s is greater than 2MB.

If suppose user trying uploading file of size of 300MB,is that whole file gets loaded in memory for checking file size?

 

Thanks and Regards,

 

Oracle logo.gif
Nitin Anande | Associate Consultant | +91 20 6670 7616 (O) +91 99752 45341 (M)
Oracle Financial Services PrimeSourcing
Pune, India

 

Oracle Financial Services Software Limited was formerly i-flex solutions limited.

Green Oracle

Oracle is committed to developing practices and products that help protect the environment

 

 

From: Steven Siebert [mailto:smsiebe@gmail.com]
Sent: Tuesday, July 13, 2010 9:31 PM
To: Commons Users List
Subject: Re: [fileupload]:Storing file on disk temporarily

 

Hi Nitin,

One use case for this is file size.  If the file you are uploading is quite large, it's often a good idea to use a temp file on disk so that the entire contents of the file aren't stored in memory before processing.  So, for example, if your client is uploading a >25MB file, instead of reading it into an InputStream (memory) and then processing it into a byte[] to store into the database, you can create the temp file and then process the file in chunks (to save memory).  This is very true if you need to do pre-processing on the file before you store it to the DB (as you indicated you'll be doing).  If the file is a giant XML file, for example, you can stream the contents through your processor to again reduce memory usage.

It should be noted, though, that saving files to disk may be a security issue.  If the user is able to upload executable files, they then have an executable on the file system.  Executing the file (post upload) could be as simple as exploiting a known buffer overflow attack....Your UI (and pre-file storage logic) can help prevent against this.

Another con to this approach, of course, is that you're taking a processor (resource) hit for a memory (resource) gain.  On most modern web servers (in my experience), memory is usually the short supply in that equation.

Needs of the system should dictate how you approach this, of course =)

I hope this helped!

S

On Tue, Jul 13, 2010 at 10:59 AM, Nitin Anande <nitin.anande@oracle.com> wrote:

Hi,

I have Common FileUpload for uploading file on DB.Can you please tell me the pros and cons for storing file on disk temporarily till request processing?

Your help will be highly appreciated.

 

Thanks and Regards,

 

Oracle logo.gif
Nitin Anande | Associate Consultant | +91 20 6670 7616 (O) +91 99752 45341 (M)
Oracle Financial Services PrimeSourcing
Pune, India

 

Oracle Financial Services Software Limited was formerly i-flex solutions limited.

Green Oracle

Oracle is committed to developing practices and products that help protect the environment

 

 



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@commons.apache.org
For additional commands, e-mail: user-help@commons.apache.org

 

--__127903963141555679abhmt019 Content-Type: image/gif; name="image001.gif" Content-Transfer-Encoding: base64 Content-Disposition: inline; filename="image001.gif" Content-ID: R0lGODlhigAZAPcAAAAAAP////8AAP8BAf8CAv8DA/8EBP8FBf8GBv8HB/8JCf8KCv8LC/8MDP8N Df8ODv8PD/8REf8SEv8TE/8UFP8VFf8WFv8XF/8YGP8aGv8cHP8dHf8eHv8fH/8gIP8hIf8iIv8j I/8kJP8lJf8mJv8nJ/8oKP8pKf8qKv8rK/8sLP8tLf8vL/8yMv80NP82Nv83N/84OP85Of86Ov87 O/89Pf8+Pv9AQP9BQf9DQ/9ERP9FRf9GRv9HR/9ISP9JSf9KSv9LS/9MTP9NTf9QUP9RUf9SUv9T U/9XV/9YWP9aWv9cXP9fX/9gYP9iYv9jY/9kZP9lZf9mZv9nZ/9oaP9paf9qav9ra/9tbf9vb/9w cP9xcf9ycv9zc/91df92dv93d/95ef96ev97e/98fP99ff9+fv+Bgf+EhP+Hh/+Njf+Ojv+QkP+R kf+Skv+Tk/+UlP+Vlf+Xl/+YmP+Zmf+cnP+dnf+fn/+hof+iov+jo/+lpf+mpv+pqf+qqv+rq/+s rP+trf+urv+vr/+wsP+xsf+ysv+zs/+0tP+3t/+4uP+6uv+8vP+9vf++vv/AwP/Bwf/ExP/Fxf/G xv/Hx//Jyf/Kyv/Ly//MzP/Nzf/Ozv/Pz//Q0P/R0f/S0v/T0//U1P/V1f/W1v/X1//Y2P/Z2f/a 2v/b2//c3P/d3f/e3v/f3//g4P/h4f/i4v/j4//k5P/l5f/m5v/n5//o6P/p6f/q6v/r6//s7P/u 7v/v7//w8P/x8f/y8v/z8//09P/19f/29v/39//4+P/5+f/6+v/7+//8/P/9/f/+/v///wAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH/C01TT0ZGSUNFOS4wFwAA AAttc09QTVNPRkZJQ0U5LjBCPKT1ACH/C01TT0ZGSUNFOS4wGAAAAAxjbVBQSkNtcDA3MTIAAAAD SABzvAAh+QQBAADKACwAAAAAigAZAAAI/wADCBxIsKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzatzI saPHjyBDJrMliZLJkycjpTJm8FcllDBPSkrlcFWeUQ6PiSoZ06SkSwFGSYqkaqKtnigh3QqAShIw hsTauJhQwIDVq1cJOCDBxRVBTQywir1a4AGNQwsVSRDAwM3CV2NOMKg61qoALQF8FChgJWIhIBTq knXAClIGCkR4KUQ1Q4Djx5AjO+4waCAmA5IzP06TkNeHxwtAJZxDQXPkDbQC5HAs5SErIaYjrwmg BYeGJoYSniIBWUOH38CDY36cR2CmBI4xBF+u4fGBRgijROaR7CAcyAg4LAfu4Y/AHY6pOP+EpQKy he3AixQLQCeEjRimEAqD8XgHomDH8uvfTykKAscObBLAcQIYIMl+CApTxwKOHXHQJAU4dsFjcxgU yX8CEPAFJsUguN9A4AkgHkPIDPHYCoHY4qF+A/2CRhWFJMTGY12w1NAgwxGRjCbIGVDJQmU45oFi BP3CgmMQOPKCYxHQNBAyPTiGgB4PhTjiQow8xsMuG7Xg2ArIQDSGYwvMEkqPlCz0iGMFvFKQGI+9 EcAijxnxFQGOcVZleA0x4ZgGvWxUSwSO1RGRKw44ZkgpaC7khGMnBENQJwc4VsN6yfjpGCAD3eHY A17tKSJDwpQnwAhmgKHqqqyqmoUlDUX/EiECmUQ0zJECxGFKj5a4YoknnwQbLCiXaDHcFAQRc4OU sAo0SwXJpRbAmALoUJ2oVyb0CwqxSQZBUQxBKEACnEQkTAqOwbFrgZp44kEBC8QbbwMYCkCBaAO1 8ZgXBc3x2BYCheEYDTY6ZCVD23YbmR8O0fKAAAPIEZEnlQpQCKMFpknKCqZJEAhBqUzgWAi+GLQa xIwEwAeSrUB08ELAcCtACV90YfPNOHehxkPJuOAYC8RAJJ0ADdQCSqMBxKIDZApwgMIV+AqEzBFk phHED1hjPYSXjpnQSyqPjeEynwtl6hgHQW+kr2NcXMsQHwM4VkQAPGY8UDGaCoBBygbt//HYEsHI 0O0ZASxdIB6i9sWQI1rqspEvPjuGQyK0AOPL5Zj7Akwul0DxGASdDIi0QMYECSAfBeECwp+yBKVA bAl4QjGbVWDSyy+Z575LMjw49oTluQfvixIn9jEL8MLf7tApI0CGwQooRC89Cip89lgCghg3+kBr DCeAGAQ98RgcA1HSx/no91FHogLMEMB1kJmQwvTTn9BDMT4wCT399JuARS0ce4wF9sc/FJCAYQ4p xZIU5rzsac9uBjEE+wSAhF8EgBCP+UHBEuKFx7jFDhNi4B4CUAMGPiZls0CCCVVQsocEAw47yEC3 IgADMsSCIJiImwAmgRBGeOAxOeBEAHMRABSG8EIEAMKJK8LQggbEJgkCyQMETAiGgSQjEDnoQGwO IAmKzGITmQijGMfICrcNBBhg1IQFEYILMUrCFJgII04cIoswWgIXd0PFGPeYCS4JRBV8DGQmhGGQ W4BRkKIIiSIXychGOvKRkIykJCd5kIAAADs= --__127903963141555679abhmt019 Content-Type: image/gif; name="image002.gif" Content-Transfer-Encoding: base64 Content-Disposition: inline; filename="image002.gif" Content-ID: R0lGODlhLAAcAMQAAP///0x9RHmec9Pf0aa+oleFULHGrmKNW+nv6I+uivT39N7n3W6VZ7zPuZu2 lsjXxYSmfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAAA AAAALAAAAAAsABwAQAXhICCOZGmeaDoaReC+sKAMR7GopIA6boIvLgPAVSAgALxjSYdrOp/Q6NPg YqIEPkTBV2taTwgGbEw+PAZo3FfKbqMQQfeJ8DoY0Hg0wxhAKBgHCl5XLgMqDwFCAAIFPIYDgidr OUQGkSh0cQMJAQyXOXKhoqOkpaanI2aoIwMErq+uCY0BMlANKpxkYwQGBH82TpMicD0pAgQACToD AchqhAG3KQ4HIlQNnErG0IYqB9EAiEQvwEsozC43hy0CAeXMwsLDLS8MAvf497ruCZ+gOA0gfNt3 AIK0J/JWKVzIsEQIADs= --__127903963141555679abhmt019-- --__127903963141555678abhmt019-- --__127903963141355677abhmt019 Content-Type: text/plain; charset=us-ascii --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscribe@commons.apache.org For additional commands, e-mail: user-help@commons.apache.org --__127903963141355677abhmt019--