hi, don't know much about the upload internals, just some hints about the directory handling
>It seems to me that this is what is needed for >starters: >- files should not be uploaded and saved by default >from any page. that has security hole written all >over it. >- when upload of a file is desired, there should be a >configurable default directory (as there is now) _and_ >the ability to designate alternative locations either >in the sitemap, and _maybe_ via runtime/request >parameters. > As a short hint, i remember that servlet-spec is quit restrictive about temporary files there is a servlet config parameter, snippet from the servlet spec 2.2 --start-- It is often useful for Application Developers to have a temporary working area on the local filesystem. All servlet containers must provide a private temporary directory per servlet context and make it available via the context attribute of javax.servlet.context.tempdir. The object associated with the attribute must be of type java.io.File. --end-- Moreover the file should take the servlet session into account if it is available, as more than one user may upload files. bye bernhard --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
