5 Replies Latest reply on Feb 12, 2008 9:30 AM by Peter Johnson

    fileupload

    mars1412 Apprentice

      we provide both an upload applet and a standard HTML form, to let the user upload files to the server.
      with the applet it is simple to check the max. filesize and reject large files on the client side.

      but for the plain HTML upload form, I think there is no way to limit the filesize.
      so what could we do about that?

      I suppose it is like that:

      • bad guy selects a 500MB file and uploads it
      • the browser will generate a big multipart form request
      • browser sends this big request to our server
      • the server must process the complete request, before it can check the size of the uploaded file/s


        OK, this is not really jboss or seam related, but maybe someone can help


        • 1. Re: fileupload
          Peter Johnson Master

          What mechanism are you using for the file download? If I recall correctly, the apache commons file upload library provides a mechanism to query the file size before uploading the file.

          • 2. Re: fileupload
            mars1412 Apprentice

             

            "PeterJ" wrote:
            What mechanism are you using for the file download?

            you mean upload, do you?

            "PeterJ" wrote:
            If I recall correctly, the apache commons file upload library provides a mechanism to query the file size before uploading the file.

            well - my question is a more general one - not related to any library
            I know, the apache commons file upload has a way to limit the upload size.
            and also the seam s:fileUpload tag has such a setting.
            but I am wondering if those settings are making any difference, because the client will always build the request and send the complete very large request to the server (consuming bandwidth), and if the server must process the complete very large request, before it knows that the file is too large, it will also consume a lot of memory and CPU.
            I guess that this is the case, because the filesize is not included in any meta-data information.


            • 3. Re: fileupload
              Peter Johnson Master

              Yes, I meant upload. One of these days I will learn how to spell. Or type. Or just plain learn to keep my mind focused on the topic at hand instead of wandering off in 18 related and unrelated directions. (I have no hope whatsoever of achieving that final goal.)

              I always assumed that that the file size would be made available before the file was transfered, but I could be wrong. I could write a quick test, but this is the week of JBossWorld and I expect to be busy all week with little keyboard time. But then you could easily test this yourself - try uploading a huge file and see what it takes to get the filesize. If it takes a long time and the available disk space was drastically reduced, or not, you have your answer. Then you can be the expert and tell us.

              • 4. Re: fileupload
                mars1412 Apprentice

                 

                Yes, I meant upload. One of these days I will learn how to spell. Or type. Or just plain learn to keep my mind focused on the topic at hand instead of wandering off in 18 related and unrelated directions. (I have no hope whatsoever of achieving that final goal.)

                good to hear, I'm not the only one with those problems :)

                for the tests:
                well, I did already test it, but the results left me puzzled: I am not sure, how to interpret the testresults, or maybe its a problem of my test environment (server and client on same machine)
                so I hoped someone could tell me the facts about uploading right away.

                anyway: this is how I tried to test:
                • I use a multipart form with an input element of type="file" - I select a big file: 600MB
                • I press upload
                • what happens now is:
                  • CPU load of my browser increases (no networktraffic yet): I suppose the client is building the complete multipart-form request (some seconds)
                  • networktraffic starts: I suppose the complete request is now sent to the server
                  • my servlet is receiving the request
                  • after a short time (1 sec), the commons file upload lib throws a SizeLimitExceededException exception
                  • I catch this exception and in the servlet I send a redirect to an error page
                  • the browser is still busy and keeps sendig the request (takes about 30 seconds)
                    so I am not sure what happens:
                    • is there a way to inform the browser to abort sending the large request immediately?
                      maybe a redirect is wrong here?
                    • since the client keeps sending data, I suppose the server will still be busy: well at least the bandwidth of the server will still be receiving the data, that the browser is still sending


                • 5. Re: fileupload
                  Peter Johnson Master

                  Yes, the results would be somewhat more conclusive if you used two different machines, but it does sound like the browser transfers the whole file.