struts-user mailing list archives

From "Frank W. Zammetti" <fzli...@omnytex.com>
Subject Re: AW: AW: DownloadAction Application
Date Mon, 07 Mar 2005 19:28:37 GMT

I'd be willing to bet Commons does the same thing, but I don't know for
sure.  Anyone reading this able to illuminate us?

Yeah, I know what you mean... lousy kids these days, busting up all my
code! :) (We'll ignore that my code probably should have been more
robust!)

Unfortunately I used to BE one of those kids.  Hopefully they learn what's
right and what's wrong like I did, before they do serious damage and/or
wind up in jail.  It only cost me a $600 phone bill back in '85 to learn
my lesson as a teen, but things weren't as crazy back then as they are
now.  I don't get the feeling people are too interested in slapping kids
on the wrist any more, it seems a hacker is just as likely to wind up in
jail as a rapist is nowadays.

-- 
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com

On Mon, March 7, 2005 2:16 pm, Leon Rosenberg said:
> I used (sometimes still using) O'Reilly's file upload utility
> (com.oreilly.servlet.MultipartRequest).
> You can tell the MultipartRequest how much data you actually want to have.
> The problem is that it uploads all_the_data (at least done in earlier
> versions) and determines then that the file was too large and should be
> refused. This means that you actually receive 1 gig of data (ok, one gig
> isn't possible due to timeouts, but 10-50 Mbs are) just to tell the user
> that you wanted 100K?
>
> Ok, in our time, it's not a problem for Sasser kids to bring down your
> server just by filling the complete bandwidth (except you are akamai-ed,
> but this is quite expensive), but you shouldn't make it too easy for them
> too, right?
>
> Regards
> Leon
>
>
>
>> -----Original Message-----
>> From: Frank W. Zammetti [mailto:fzlists@omnytex.com]
>> Sent: Monday, 7 March 2005 20:05
>> To: Struts Users Mailing List
>> Subject: Re: AW: DownloadAction Application
>>
>> FYI, Commons Fileupload DOES have a max feature.  Not sure
>> what happens when the max is reached, but it's there.
>>
>> --
>> Frank W. Zammetti
>> Founder and Chief Software Architect
>> Omnytex Technologies
>> http://www.omnytex.com
>>
>> On Mon, March 7, 2005 1:50 pm, Leon Rosenberg said:
>> >>
>> >> HTML/HTTP doesn't support that, IMHO. The <input type="file"...> tag
>> >> just grabs the file and starts sending it. The server has no clue how
>> >> large the file is until the entire thing arrives.
>> >
>> > That is what I know too. And this is ugly.
>> > IMHO it's a fat security hole, since it's really easy for a script
>> > kiddie to create an upload script and kill yourself with meaningless
>> > data instead of pix or whatever you permit to upload.
>> >
>> > Maybe a small signed Java applet could close this hole?
>> > I would participate in writing one, if it's of interest to more people.
>> >
>> > Regards
>> > Leon
>> >
>> >
>> >
>> >
>> ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>> > For additional commands, e-mail: user-help@struts.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
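
The problem raised in the quoted messages, a size limit applied only after the whole body has been received, is avoided by enforcing the limit while the body is being read. The following is an added example, not part of the original thread and not code from com.oreilly.servlet or Commons FileUpload; the names `BoundedUpload`, `LimitedInputStream` and `receive` are hypothetical, and the byte arrays are constructed stand-ins for a request body.

```java
import java.io.ByteArrayInputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;

// Added example; BoundedUpload, LimitedInputStream and receive are hypothetical names.
public class BoundedUpload {
    /** Fails as soon as more than maxBytes have passed through, not after the whole body. */
    static class LimitedInputStream extends FilterInputStream {
        private final long maxBytes;
        private long seen;
        LimitedInputStream(InputStream in, long maxBytes) { super(in); this.maxBytes = maxBytes; }
        private int count(int n) throws IOException {
            if (n > 0 && (seen += n) > maxBytes)
                throw new IOException("upload exceeds " + maxBytes + " bytes");
            return n;
        }
        @Override public int read() throws IOException {
            int b = super.read();
            count(b < 0 ? 0 : 1);
            return b;
        }
        @Override public int read(byte[] buf, int off, int len) throws IOException {
            return count(super.read(buf, off, len));
        }
    }

    /** declaredLength is the request's Content-Length, or -1 when absent (client-supplied). */
    static long receive(InputStream body, long declaredLength, long maxBytes) throws IOException {
        if (declaredLength > maxBytes)   // cheap reject before reading any body bytes
            throw new IOException("declared length " + declaredLength + " exceeds limit");
        InputStream in = new LimitedInputStream(body, maxBytes);
        byte[] buf = new byte[8192];
        long total = 0;
        for (int n; (n = in.read(buf)) != -1; )
            total += n;                  // a real handler would store buf[0..n) here
        return total;
    }

    public static void main(String[] args) throws IOException {
        long max = 100 * 1024;           // the 100K limit mentioned in the thread
        System.out.println("accepted " + receive(new ByteArrayInputStream(new byte[50_000]), 50_000, max));
        try {                            // constructed 5 MB body with no length header
            receive(new ByteArrayInputStream(new byte[5_000_000]), -1, max);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

With the 8192-byte buffer used here, the oversized body is rejected after 104 KB have been read rather than after all 5 MB.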