struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James Higginbotham" <jhigginbot...@betweenmarkets.com>
Subject RE: enforcing max upload file size - before its too late!
Date Sun, 06 Oct 2002 20:31:33 GMT
Realistically, something is needed in the core web server (Apache, or in
the lower layers of the socket listeners in the servlet spec) to stop
incoming POST requests that exceed a certain amount. With this code
(which I've used before as well), you can't stop the upload and close
the connection, you have to accept all the bytes and then process once
control is given to your servlet/JSP/Struts action. By that time, the
user may have tried to take down your server by pushing many threads
with large files to fill up your drive space (or at least
unintentionally caused you grief). 

Anyone know of a more aggressive method of handling this without getting
rid of uploads all together?

James

> -----Original Message-----
> From: Thomas Eichberger [mailto:webmaster@java.at] 
> Sent: Sunday, October 06, 2002 1:42 PM
> To: Struts Users Mailing List
> Subject: Re: enforcing max upload file size - before its too late!
> 
> 
> Hi,
> 
> here is my piece of source code for that problem:
> 
> 
> stream = file.getInputStream();
> 
> zipFile = new File( user.path, user.kurzname + "-upload.zip" 
> ); bos = new BufferedOutputStream( new FileOutputStream( zipFile ) );
> 
> int bytesRead = 0;
> int count = 0;
> byte[] buffer = new byte[ 8192 ];
> while ( ( bytesRead = stream.read( buffer, 0, 8192 ) ) != -1 
> ) { bos.write(buffer, 0, bytesRead); count += bytesRead;
> 
>          if ( count > 2000000 ) // THIS IS THE MAXIMUM SIZE
>          {
>          errors.add(ActionErrors.GLOBAL_ERROR,
>          new ActionError( "error.upload.file" ) );
>          return mapping.findForward( "failure" );
>          }
>          }
> 
> 
> And I have a finally block surrounding this where I close all 
> streams :-)
> 
> 
> Thomas
> 
> 
> 
> 
> At 17:58 06.10.2002 +0000, jfc wrote:
> >jfc wrote:
> >
> >>Hi,
> >>
> >>I have implemented the functionality for file uploads as 
> demonstrated 
> >>in
> >>struts-upload.war however I have a question.
> >>
> >>How could I implement the example such that the file is 
> uploaded chunk 
> >>by
> >>chunk thereby giving the server the opportunity of stopping 
> the upload at 
> >>a given max file upload size and redirecting to the error page.
> >>
> >>Although I have a validation method on my form bean which has the
> >>FormFile as a property, it appears as though the file is 
> uploaded in its 
> >>entirety before the size is checked.
> >>
> >>The obvious concern here is that someone might decide to 
> upload a file
> >>the size of the internet to my server which would struggle 
> to cope with 
> >>such a large file.
> >>
> >>Perhaps I am overlooking some simple fact to the way this 
> upload works
> >>but I don't see a solution at the moment other than somehow 
> uploading the 
> >>file chunk by chunk.
> >>
> >>Any advice is much appreciated.
> >>
> >>Jfc
> >>
> >>
> >>--
> >>To unsubscribe, e-mail: 
> >><mailto:struts-user-unsubscribe@jakarta.apache.org>
> >>For additional commands, e-mail: 
> >><mailto:struts-user-help@jakarta.apache.org>
> >>
> >I have to believe this has been covered before but I can find no 
> >previous
> >posts which answer the question. Any takers?
> >
> >Chees
> >jfc
> >
> >
> >
> >--
> >To unsubscribe, e-mail:   
> <mailto:struts-user-> unsubscribe@jakarta.apache.org>
> >For 
> additional commands, 
> e-mail: 
> ><mailto:struts-user-help@jakarta.apache.org>
> 
> 
> --
> To unsubscribe, e-mail:   
> <mailto:struts-user-> unsubscribe@jakarta.apache.org>
> For 
> additional commands, 
> e-mail: <mailto:struts-user-help@jakarta.apache.org>
> 
> 

--
To unsubscribe, e-mail:   <mailto:struts-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:struts-user-help@jakarta.apache.org>


Mime
View raw message