> > You need to add a line in in your form: > > <input type="text" name="filename" /> > > > > Then in your servlet GetPost() method you put this filename in a > > variable: > > String filename; > > filename = req.getParameter("filename"); > > > > Then instead of part.write("samplefile"); > > do: > > part.write(filename); >
Letting the remote user control the name of the file that is written to disk exposes a potential security risk. Due to bad configuration, the posted name may allow the caller to save arbitrary files anywhere they wish. The server should generate the name that is used to save the file to remove this risk Chris