Roger,

With an applet there would be no URL. The applet would handle the file
transfer and thus control the upload. It could even go as far as to
authenticate the user and log the user information. If it is a big concern,
protect it and force the users to request a username and password. Then
email it back to them. This way you can track the abuse and block the
offender.

As for the other, I think (please correct me on this, list) that if you send
a form with a type that the servlet is not programmed to handle, you will get
an error. Like I said, I think. I have not tried this.

Doug

----- Original Message ----- 
From: "Varley, Roger" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Friday, April 23, 2004 10:18 AM
Subject: RE: Tomcat and restricting the size of HttpServletRequest


>
> I remember a previous discussion on this and one of the solutions was to
> use an applet that would check the file size prior to transmission.
>

I can do that if the remote end is using my client - my concern is that once
the URL is "known" anyone could write a program that writes huge amounts of
data to that URL. Is this not a general problem for any servlet that
receives data in a POST request over the internet?

>
> Is there any way to monitor the size of the object as it is uploaded and
> terminate it if it exceeds a certain size? Just a thought.
>

I guess this is what I'm asking :)

Regards
Roger


> >
> > There is a max POST size limit attribute on the Connectors.
> >
> > Otherwise - you can code for it too:
> > request.getContentLength() == Size of posted content. -1 if the client
> > did not provide a Content length.
> >
>
> I wondered about request.getContentLength() but was worried that it was
> calculated by Tomcat rather than relying on it being set by the client.
> Either way, if the client doesn't specify the length or lies about it then
> I'm still in danger of running out of room.
>
> This also begs the question as to when my servlet gets to see an incoming
> request - I was concerned that by the time my servlet gets to see the
> incoming request Tomcat had already read the incoming data and stored it in
> the HttpServletRequest object - in which case request.getContentLength() is
> of no help.
>
> Regards
> Roger
>
>
> __________________________________________________________________________
> This e-mail and the documents attached are confidential and intended
> solely for the addressee; it may also be privileged. If you receive this
> e-mail in error, please notify the sender immediately and destroy it.
> As its integrity cannot be secured on the Internet, the Atos Origin group
> liability cannot be triggered for the message content. Although the
> sender endeavours to maintain a computer virus-free network, the sender
> does not warrant that this transmission is virus-free and will not be
> liable for any damages resulting from any virus transmitted.
> __________________________________________________________________________
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
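
An added example, not part of the original thread: one way to enforce the size limit discussed above by counting bytes as they arrive instead of trusting the declared content length, assuming the servlet reads the body itself from the request's input stream. The class name, `readBounded` and `MAX_BYTES` are hypothetical, and the inputs in `main` are constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;

public class BoundedBodyReader {

    /** Hypothetical cap for this example; choose one that fits the application. */
    static final int MAX_BYTES = 1024;

    /**
     * Reads a request body while enforcing a hard cap.
     * In a servlet, 'in' would be request.getInputStream() and
     * 'declaredLength' would be request.getContentLength().
     */
    static byte[] readBounded(InputStream in, int declaredLength, int maxBytes)
            throws IOException {
        // Cheap early rejection: only helps when the client declares an honest length.
        if (declaredLength > maxBytes) {
            throw new IOException("declared length " + declaredLength + " exceeds cap");
        }
        // Real enforcement: count what actually arrives, because the declared
        // length may be -1 (absent) or smaller than what the client sends.
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        byte[] chunk = new byte[256];
        int total = 0;
        int n;
        while ((n = in.read(chunk)) != -1) {
            total += n;
            if (total > maxBytes) {
                throw new IOException("body exceeded cap of " + maxBytes + " bytes");
            }
            body.write(chunk, 0, n);
        }
        return body.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: a small honest body, then an oversized body with no declared length.
        byte[] small = new byte[100];
        byte[] huge = new byte[5000];
        System.out.println(readBounded(new ByteArrayInputStream(small), 100, MAX_BYTES).length);
        try {
            readBounded(new ByteArrayInputStream(huge), -1, MAX_BYTES);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The counting loop is what bounds memory use; the declared-length check only saves work for well-behaved clients.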