struts-dev mailing list archives

From Paul Benedict <pbened...@apache.org>
Subject Re: svn commit: r553240 - /struts/struts1/trunk/core/src/main/java/org/apache/struts/upload/CommonsMultipartRequestHandler.java
Date Fri, 06 Jul 2007 05:43:18 GMT
Niall Pemberton wrote:
> I see no discussion on FILEUPLOAD-140 with Jochen about this and that
> would seem a more logical place to fix than here in Struts. If it has
> merit then you should be able to convince him - or at least try. I'm
> no expert on file upload or DoS, but my gut feel is it's a hack to fix
> a problem that has nothing to do with Struts - which we've generally
> resisted in the past.
>
> Niall
>
You make a really good point. I thought about discussing this with him, 
but I wasn't quite sure he would care. It sounds like he might, based on 
your post, so I'll give it a shot.

It is true that the problem is not inside of Struts, but it's also true 
the request, when meeting the specific criteria, will hang indefinitely 
until the client's socket is terminated. Based on the ticket, it sounds 
like the user didn't find it in the example app but in his own 
development. Because this is likely to occur during normal development 
and isn't too edgy of a use case, I found it important to fix. It can 
block development as well as production operations on a Windows box. The 
argument cuts both ways: would you prefer an indefinite blocking socket, 
or just completing the request with perhaps a large no-op upload? I 
believe the former is less ideal and the latter less likely to occur.

Paul
