Thanks David for your answer.
I was searching for something more generic.
I use a FormFile, like you suggested. And I thought of filtering on the
contentType, but I'm afraid of not being able to manage all the cases. At the
beginning, I tested if the content-type equals "octetstream" or "binary"; it is
so sufficient: what about zip files? what about jpeg?

But I agree with your second proposal: even if it saves wrong data, it will
prevent us from inserting executable scripts in our system.





[EMAIL PROTECTED] - 11/24/2003 05:23 PM
Please respond to [EMAIL PROTECTED]
To: struts-user
Subject: RE: Disable binary files in upload

Ludo,

You might want to use a FormFile in your ActionForm bean to make the file
easier to deal with.   Then, you can do things like this:

1. FormFile.getContentType() and see if it is a MIME type you allow.

2. FormFile.getInputStream() and save it in an ascii, not binary mode.  So,
binary data would probably be saved corrupted and they'd know it was bad the
next time they asked for it not to upload binary data.

3. FormFile.getFileName() and see if it is one of a handful of file
extensions you might allow (.html, .txt, etc.)

Regards,
David

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Monday, November 24, 2003 9:35 AM
To: [EMAIL PROTECTED]
Subject: Disable binary files in upload




Hi all,

I would like to prevent the user from uploading binary files from an upload
form, but to allow him to download any kind of ascii files. What is the
best way to do that?
Is it something I can do with the configuration? Or should I add a test on
the "content-type" value received?

Thanks,
Ludo.







This message and any attachments (the "message") is intended solely for the
addressees and is confidential.
If you receive this message in error, please delete it and immediately
notify the sender. Any use not in accord with
its purpose, any dissemination or disclosure, either whole or partial, is
prohibited except formal approval.
The internet can not guarantee the integrity of this message. BNP PARIBAS
(and its subsidiaries) shall (will) not
therefore be liable for the message if modified.



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
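
An added example, not part of the original thread or of Struts: one way to combine David's checks 1 and 3 with a content check in place of the ASCII-mode save in 2, so that a wrong or missing content-type does not decide the outcome. It takes the values FormFile returns as plain arguments so it runs on a bare JDK (11+); the class name, allowlists and size limit are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import java.util.Set;

public class TextUploadCheck {
    // Assumed policy values (not from the thread); adjust to the application.
    static final Set<String> TYPES = Set.of("text/plain", "text/html");
    static final Set<String> EXTENSIONS = Set.of(".txt", ".html");
    static final int MAX_BYTES = 1 << 20;

    /** Arguments are what FormFile.getFileName(), getContentType() and getInputStream() return. */
    static boolean isAcceptableText(String fileName, String contentType, InputStream in) throws IOException {
        if (fileName == null || contentType == null) return false;
        // Client-supplied metadata: allowlist only, ignoring parameters such as "; charset=...".
        String type = contentType.split(";", 2)[0].trim().toLowerCase(Locale.ROOT);
        String name = fileName.toLowerCase(Locale.ROOT);
        int dot = name.lastIndexOf('.');
        if (!TYPES.contains(type) || dot < 0 || !EXTENSIONS.contains(name.substring(dot))) return false;
        // Content check: bounded read, no NUL bytes, and the bytes must decode as strict UTF-8.
        byte[] data = in.readNBytes(MAX_BYTES + 1);
        if (data.length > MAX_BYTES) return false;
        for (byte b : data) if (b == 0) return false;
        try {
            StandardCharsets.UTF_8.newDecoder()
                .onMalformedInput(CodingErrorAction.REPORT)
                .onUnmappableCharacter(CodingErrorAction.REPORT)
                .decode(ByteBuffer.wrap(data));
            return true;
        } catch (CharacterCodingException e) {
            return false;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed samples: plain text, and JPEG header bytes sent with text metadata.
        byte[] text = "hello\nworld\n".getBytes(StandardCharsets.UTF_8);
        byte[] jpeg = {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF, (byte) 0xE0, 0, 0x10, 'J', 'F', 'I', 'F'};
        System.out.println(isAcceptableText("notes.txt", "text/plain; charset=UTF-8", new ByteArrayInputStream(text)));
        System.out.println(isAcceptableText("notes.txt", "text/plain", new ByteArrayInputStream(jpeg)));
        System.out.println(isAcceptableText("photo.jpg", "image/jpeg", new ByteArrayInputStream(jpeg)));
    }
}
```

A file that passes is still untrusted text: an allowed .html upload can carry script, so how the file is served back matters as much as this check.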

