Re: Servlet 3.0 File Upload
This must be about the worst advice I have ever seen. What about someone typing e.g. /etc/passwd in that text box? If you allow people to upload files to your server, you should create your own location and naming scheme for the uploaded files. You should not even use the original filename, unless you are dying to experience all the silly things that people can think of in terms of filenames (with spaces in them, or characters that are valid on one platform but not another, or characters in various character sets and so on.) Jonathan Soons wrote: You need to add a line in in your form: input type=text name=filename / Then in your servlet GetPost() method you put this filename in a variable: String filename; filename = req.getParameter(filename); Then instead of part.write(samplefile); do: part.write(filename); Jonathan Soons From: Ole Ersoy [ole.er...@gmail.com] Sent: Friday, September 02, 2011 6:50 PM To: Tomcat Users List Subject: Servlet 3.0 File Upload Hi, I have a working file upload servlet, with the exception that it calls the uploaded file samplefile instead of using the name of the file. So if I upload different files, they all overwrite each other. Any ideas on how to fix this? I used this tutorial to get it working: http://www.servletworld.com/servlet-tutorials/servlet3/multipartconfig-file-upload-example.html TIA, - Ole - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Servlet 3.0 File Upload
Thank you for the advice. I'll stick to hard coded file locations and names :). Thanks again, - Ole On 09/05/2011 03:22 AM, André Warnier wrote: This must be about the worst advice I have ever seen. What about someone typing e.g. /etc/passwd in that text box? If you allow people to upload files to your server, you should create your own location and naming scheme for the uploaded files. You should not even use the original filename, unless you are dying to experience all the silly things that people can think of in terms of filenames (with spaces in them, or characters that are valid on one platform but not another, or characters in various character sets and so on.) Jonathan Soons wrote: You need to add a line in in your form: input type=text name=filename / Then in your servlet GetPost() method you put this filename in a variable: String filename; filename = req.getParameter(filename); Then instead of part.write(samplefile); do: part.write(filename); Jonathan Soons From: Ole Ersoy [ole.er...@gmail.com] Sent: Friday, September 02, 2011 6:50 PM To: Tomcat Users List Subject: Servlet 3.0 File Upload Hi, I have a working file upload servlet, with the exception that it calls the uploaded file samplefile instead of using the name of the file. So if I upload different files, they all overwrite each other. Any ideas on how to fix this? I used this tutorial to get it working: http://www.servletworld.com/servlet-tutorials/servlet3/multipartconfig-file-upload-example.html TIA, - Ole - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Servlet 3.0 File Upload
Thank you for the advice. I'll stick to hard coded file locations and names :). Thanks again, - Ole On 09/05/2011 03:22 AM, André Warnier wrote: This must be about the worst advice I have ever seen. What about someone typing e.g. /etc/passwd in that text box? If you allow people to upload files to your server, you should create your own location and naming scheme for the uploaded files. You should not even use the original filename, unless you are dying to experience all the silly things that people can think of in terms of filenames (with spaces in them, or characters that are valid on one platform but not another, or characters in various character sets and so on.) Jonathan Soons wrote: You need to add a line in in your form: input type=text name=filename / Then in your servlet GetPost() method you put this filename in a variable: String filename; filename = req.getParameter(filename); Then instead of part.write(samplefile); do: part.write(filename); Jonathan Soons From: Ole Ersoy [ole.er...@gmail.com] Sent: Friday, September 02, 2011 6:50 PM To: Tomcat Users List Subject: Servlet 3.0 File Upload Hi, I have a working file upload servlet, with the exception that it calls the uploaded file samplefile instead of using the name of the file. So if I upload different files, they all overwrite each other. Any ideas on how to fix this? I used this tutorial to get it working: http://www.servletworld.com/servlet-tutorials/servlet3/multipartconfig-file-upload-example.html TIA, - Ole - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [Servlet 3.0] Monitoring File Upload Progress
Ole Ersoy wrote: Hi, Anyone know whether it's possible to monitor progress of a file upload? What do you mean by monitoring ? Is it a question of providing the user with some feedback, like a progress bar ? If so, then one of the easier ways would be to write your own java applet, downloaded and run by the browser in your upload form, to do the upload and display some progress bar to the user. You may want to search for something already available to do it though, because writing it from scratch is not really trivial. Personally, I would only do that if it was /really/ worth the effort. Like if many users get impatient and break off the upload before it finishes. Or of course if the marketing guys insist on it, for the look. But then tell them the cost. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Passive TCP Close
(The first few paragraphs are background and why the obvious solution won't work for us.) So the normal problem a HTTP server will experience when serving many small requests to a large number of clients is a pile of connections in TIME_WAIT. There not great but there are a number of ways to mitigate that. We are seeing a new problem well poorly behaved clients are apparently ignoring our FINs, which is resulting in a pile of FIN_WAIT* connections which are more complicated to deal with. Since for this particular app it is highly unlikely that the client has any need for more communication with the server it would be nice if we could force the connection to close (ie send a RST after some period of time). The obvious solution from looking at man pages is SO_LINGER. This unfortunately still has two problems on Linux: (a) If linger 0, close blocks which is untenable unless we go back to a thread per request model (b) if linger == 0, the connection is severed even if there is data in the outbound queue. Apache httpd deals with the lack of a system call for please send this data if you can and then wait n seconds to close the socket with some custom C code [1]. I *think* haproxy does something similar, but am even less familiar with that code base. I'm not sure if it's even possible to do the same from Java, and I don't think that particular httpd code can be re-used by a tomcat connector since it's not part of the Apache Portable Runtime. If I'm wrong on those points that would be super cool. Anyway, on to the original subject. An alternative solution [2] is to push the responsibility for the TCP close handshake to the client (and periodically have iptables RST idle connections). This seems a natural fit for HTTP (user agents know if they have requests for the same server queued without complex application specific logic), but as fas as I know is not typical. It would also have the added bonus of keeping the pile of ligament TIME_WAIT connections off of the server too. Does anyone have any experience with doing passive TCP connection closes with Tomcat, or theoretical reasons why it would or would not work? [1] https://github.com/apache/httpd/blob/trunk/server/connection.c#L43 [2] http://www.serverframework.com/asynchronousevents/2011/01/time-wait-and-its-design-implications-for-protocols-and-scalable-servers.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
