[
https://issues.apache.org/struts/browse/STR-1705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=43071#action_43071
]
Ralf Hauser commented on STR-1705:
----------------------------------
to get better error messages, at least provide some background info as per
STR-3128
> Document how to use web.xml "maxFileSize" and how to deal with
> "MaxLengthExceededException"
> -------------------------------------------------------------------------------------------
>
> Key: STR-1705
> URL: https://issues.apache.org/struts/browse/STR-1705
> Project: Struts 1
> Issue Type: Improvement
> Components: Website
> Affects Versions: 1.0.0
> Environment: Operating System: other
> Platform: Other
> Reporter: Ralf Hauser
> Priority: Minor
> Fix For: Future
>
>
> As per the above-referenced mailing list discussion thread, I run into two
> problems:
> 1) the browser appears to upload the entire file that is bigger than the
> maxFileSize and only after completing the upload, MaxLengthExceededException
> is
> thrown. (If that is really true, this is not particularly defensive against
> denial of service attacks)
> 2) I get the MaxLengthExceededException as a stack-trace, but it doesn't
> appear
> that I can catch this exception in any of my "struts.jar-user" .java files.
> ------
> 3) Also, is there a way not to specify this on the global web.xml level, but
> on
> a case by case basis? Depending on the user classes I attribute a user-session
> to, I would like to vary this value: highly trusted users shall be able to
> upload more than anonymous users.
> Since after quite some searching, I didn't find an answer to this, I suggest
> to
> enhance the documentation correspondingly.
> or more recent post to the same topic:
> http://marc.theaimsgroup.com/?l=struts-user&m=104332226122935&w=2
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
