Return-Path: Delivered-To: apmail-commons-user-archive@www.apache.org Received: (qmail 6681 invoked from network); 13 Jul 2010 19:33:36 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 13 Jul 2010 19:33:36 -0000 Received: (qmail 88081 invoked by uid 500); 13 Jul 2010 19:33:35 -0000 Delivered-To: apmail-commons-user-archive@commons.apache.org Received: (qmail 87845 invoked by uid 500); 13 Jul 2010 19:33:34 -0000 Mailing-List: contact user-help@commons.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Commons Users List" Delivered-To: mailing list user@commons.apache.org Received: (qmail 87837 invoked by uid 99); 13 Jul 2010 19:33:34 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Jul 2010 19:33:34 +0000 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=FREEMAIL_FROM,HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of smsiebe@gmail.com designates 209.85.161.43 as permitted sender) Received: from [209.85.161.43] (HELO mail-fx0-f43.google.com) (209.85.161.43) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Jul 2010 19:33:27 +0000 Received: by fxm18 with SMTP id 18so2635434fxm.30 for ; Tue, 13 Jul 2010 12:32:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:mime-version:received:in-reply-to :references:from:date:message-id:subject:to:content-type; bh=PWnIni4RdeDVqiJ0kG3XBW6D6p1/VUrXR0btvyB0Opo=; b=S3wBSF7UIrR6sH/8p4T/DsgDVfdlABhdYcxKXKJ8rU3xfsFJhOKcH4SdEEqLWfquqY M+wTEc1uigPvZjKc67X9tbzjwSrCcv8iceyNUlJfTIWGp1LVkqTLe/TdLHfRXEUj5FJU mRs3SABohJWFCE7jH/iZ0ChVSVmdjLFY/6+9Y= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; b=Hr0EGV/LrQQVOBj8hG+s5g6G7C+pAJ5SMz9vDhnwKsOVatqVvUCc0WUT+Rj4EjxuU3 mc1YSzkwESUJtHnYPpKfFFOdCz0e25FDx0v8AoyQ/1L60Jd28YBPByHGLb5JZjQMgOKe VoM2KrTc2Nol9s0zEqmhREH9KOH+VPgJC/T9Y= Received: by 10.103.124.4 with SMTP id b4mr2604248mun.101.1279049526600; Tue, 13 Jul 2010 12:32:06 -0700 (PDT) MIME-Version: 1.0 Received: by 10.103.8.15 with HTTP; Tue, 13 Jul 2010 12:31:46 -0700 (PDT) In-Reply-To: <19c8250a-ff82-43c3-9ba1-67657002b4c4@default> References: <19c8250a-ff82-43c3-9ba1-67657002b4c4@default> From: Steven Siebert Date: Tue, 13 Jul 2010 15:31:46 -0400 Message-ID: Subject: Re: [fileupload]:Storing file on disk temporarily To: Commons Users List Content-Type: multipart/related; boundary=001636a7da92aee4bf048b49ec47 X-Virus-Checked: Checked by ClamAV on apache.org --001636a7da92aee4bf048b49ec47 Content-Type: multipart/alternative; boundary=001636a7da92aee4bb048b49ec46 --001636a7da92aee4bb048b49ec46 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Nitin, Reading FileItemIteratorImpl, it looks like it's getting this value from th= e headers, not from post-InputStream reading. I think this could still depen= d on your web container (app server), and what they might do when creating th= e context (I don't know how every vendor does it)....but it looks like your safe with the FileUpload lib. Cheers, S On Tue, Jul 13, 2010 at 12:47 PM, Nitin Anande wro= te: > Hi, > > I have set max file size in ServletFileUpload to 2MB.Because of that > exception gets thrown when uploading file=92s is greater than 2MB. > > If suppose user trying uploading file of size of 300MB,is that whole file > gets loaded in memory for checking file size? > > > > *Thanks and Regards**,* > > > > [image: Oracle logo.gif] > Nitin Anande | Associate Consultant | +91 20 6670 7616 (O) +91 99752 4534= 1 > (M) > Oracle Financial Services PrimeSourcing > Pune, India > > > > Oracle Financial Services Software Limited was formerly i-flex solutions > limited. > > [image: Green Oracle] > > Oracle is committed to developing practices and products that help protec= t > the environment > > > > > > *From:* Steven Siebert [mailto:smsiebe@gmail.com] > *Sent:* Tuesday, July 13, 2010 9:31 PM > *To:* Commons Users List > *Subject:* Re: [fileupload]:Storing file on disk temporarily > > > > Hi Nitin, > > > One use case for this is file size. If the file you are uploading is qui= te > large, it's often a good idea to use a temp file on disk so that the enti= re > contents of the file aren't stored in memory before processing. So, for > example, if your client is uploading a >25MB file, instead of reading it > into an InputStream (memory) and then processing it into a byte[] to stor= e > into the database, you can create the temp file and then process the file= in > chunks (to save memory). This is very true if you need to do pre-process= ing > on the file before you store it to the DB (as you indicated you'll be > doing). If the file is a giant XML file, for example, you can stream the > contents through your processor to again reduce memory usage. > > It should be noted, though, that saving files to disk may be a security > issue. If the user is able to upload executable files, they then have an > executable on the file system. Executing the file (post upload) could be= as > simple as exploiting a known buffer overflow attack....Your UI (and pre-f= ile > storage logic) can help prevent against this. > > Another con to this approach, of course, is that you're taking a processo= r > (resource) hit for a memory (resource) gain. On most modern web servers = (in > my experience), memory is usually the short supply in that equation. > > Needs of the system should dictate how you approach this, of course =3D) > > I hope this helped! > > S > > On Tue, Jul 13, 2010 at 10:59 AM, Nitin Anande > wrote: > > Hi, > > I have Common FileUpload for uploading file on DB.Can you please tell me > the pros and cons for storing file on disk temporarily till request > processing? > > Your help will be highly appreciated. > > > > *Thanks and Regards**,* > > > > [image: Oracle logo.gif] > Nitin Anande | Associate Consultant | +91 20 6670 7616 (O) +91 99752 4534= 1 > (M) > Oracle Financial Services PrimeSourcing > Pune, India > > > > Oracle Financial Services Software Limited was formerly i-flex solutions > limited. > > [image: Green Oracle] > > Oracle is committed to developing practices and products that help protec= t > the environment > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscribe@commons.apache.org > For additional commands, e-mail: user-help@commons.apache.org > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscribe@commons.apache.org > For additional commands, e-mail: user-help@commons.apache.org > --001636a7da92aee4bb048b49ec46 Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Nitin,

Reading FileItemIteratorImpl, it looks like it's getting = this value from the headers, not from post-InputStream reading.=A0 I think = this could still depend on your web container (app server), and what they m= ight do when creating the context (I don't know how every vendor does i= t)....but it looks like your safe with the FileUpload lib.

Cheers,

S

On Tue, Jul 13, 2010= at 12:47 PM, Nitin Anande <nitin.anande@oracle.com> wrote:

Hi,

I have set max file size in ServletFileUpload = to 2MB.Because of that exception gets thrown when uploading file=92s is greate= r than 2MB.

If suppose user trying uploading file of size of 300MB,is that whole file gets loaded in memory for checking file size?

=A0

Tha= nks and Regards,=

=A0

3D"Oracle Nitin Anande | Associa= te Consultant | +91 20 6670 7616 (O) +91 99752 45341 (M)
Oracle Financial Services PrimeSourcing
Pune, India

=A0

Oracle= Financial Services Software Limited was formerly i-flex solutions limited.

3D"Green

Oracle is committed to developing practices and products that help protect the environment=A0

=A0

From:= Steven Siebert [mailto:smsiebe@gmai= l.com]

Sent: Tuesday, July 13, 2010 9:31 PM
To: Commons Users List
Subject: Re: [fileupload]:Storing file on disk temporarily

=A0

Hi Nitin,



One use case for this is file size.=A0 If the file you are uploading is quite large, it's often a good idea to use a temp file on disk so that = the entire contents of the file aren't stored in memory before processing.= =A0 So, for example, if your client is uploading a >25MB file, instead of reading it into an InputStream (memory) and then processing it into a byte[= ] to store into the database, you can create the temp file and then process the = file in chunks (to save memory).=A0 This is very true if you need to do pre-processing on the file before you store it to the DB (as you indicated = you'll be doing).=A0 If the file is a giant XML file, for example, you can stream the contents through your processor to again reduce memory usage.

It should be noted, though, that saving files to disk may be a security issue.=A0 If the user is able to upload executable files, they then have an executable on the file system.=A0 Executing the file (post upload) could be as simple as exploiting a known buffer overflow attack....Your UI (and pre-= file storage logic) can help prevent against this.

Another con to this approach, of course, is that you're taking a proces= sor (resource) hit for a memory (resource) gain.=A0 On most modern web servers (in my experience), memory is usually the short supply in that equation.
Needs of the system should dictate how you approach this, of course =3D)
I hope this helped!

S

On Tue, Jul 13, 2010 at 10:59 AM, Nitin Anande <<= a href=3D"mailto:nitin.anande@oracle.com" target=3D"_blank">nitin.anande@or= acle.com> wrote:

Hi,

I have Commo= n FileUpload for uploading file on DB.Can you please tell me the pros and cons for storing file on disk temporarily till request processing?

Your help wi= ll be highly appreciated.

=A0

Tha= nks and Regards,=

=A0

3D"Or=
Nitin Anande | Associa= te Consultant | +91 20 6670 7616 (O) +91 99752 45341 (M)
Oracle Financial Services PrimeSourcing
Pune, India

=A0

Oracle= Financial Services Software Limited was formerly i-flex solutions limited.

3D"Green

Oracle is committed to developing practices and products that help protect the environment

=A0

=A0



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@commons.apache.org
For additional commands, e-mail: user-help@commons.apache.org

=A0



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@commons.apache.org
For additional commands, e-mail: user-help@commons.apache.org

--001636a7da92aee4bb048b49ec46-- --001636a7da92aee4bf048b49ec47--