Geoff Howard wrote:
I'll de-lurk for a minute to say - sounds good to me. Better than
what we have now.
If you're looking to consider alternatives as well, IIRC there was
some discussion of implementing a delayed wrapper around the multipart
parsing to allow finer-grained control of when, how, and if the parts
were actually parsed.
Yes, IIRC that was the discussion on "environment adapters".
The problem with the pre-parsing of the upload as it is now is that it
is all or nothing - you have to turn on multipart uploads for every
uri in cocoon's space (which is infinite).
With the RejectedPart (formerly proposed as InvalidPart) we could have
uploads always turned on, but with a small maximum size as the default
in web.xml, thus protecting applications from large uploads DoS attacks
yet still allowing multipart/form-data requests to be processed by Cocoon.
The flexibility that would be missing compared to controlling this at
the sitemap level is allowing different maximum sizes depending on the
application area, e.g. allowing large uploads in protected areas where
as public ones would strongly limit their sizes. Now this is something
that we may envision later and that will anyway produce RejectedParts as
the current proposal.
Since I can't really
produce code on this now personally, I'll just toss it out as a
helpful reminder of past discussions.
Thanks for it :-)
Sylvain
--
Sylvain Wallez Anyware Technologies
http://people.apache.org/~sylvain http://www.anyware-tech.com
Apache Software Foundation Member Research & Technology Director
