- use mmbaseroot.xml to define maxFileSize
-1 mmbaseroot should only have the core/engine settings of MMBase. I don't
like to put a property of the input layer of mmbase in this file.
- use the database layer (maxblobsize) as a value for the maxFileSize
-1 This way all form fields have to fit in 1 database field. Blob size
restrictions are usually very high (>1GB). What will happen with a DoS
attack?
- Configure maxFileSize in the application server
-1 There is no stnadard way of putting properties in an application server
except for the web.xml and JNDI. Both places are not used by mmbase for
the config properties.
- create a config/util/ directory and put there the configuration files
just like the modules/builders.
+1 I would expect it somewhere in the config dir
- Set the maxFileSize in the constructor of HttpPost.
-1 Then it has to be defined on multiple places?
Just curious to know.
connect_in=new DataInputStream(req.getInputStream());
.......
buffer=new byte[len];
len2=connect_in.read(buffer,0,len);
while (len2<len && i<maxLoop) {
log.debug("readContentLength(): found len2( "+len2+")");
len3=connect_in.read(buffer,len2,len-len2);
if (len3==-1) {
log.debug("readContentLength(): WARNING: EOF while
not Content Length");
break;
} else {
len2+=len3;
}
i++;
}
How big is the chance that the maxLoop is reached? DataInputStream returns
when there is data available. If the socket buffer is 1024 bytes is my max
upload then 2048*1024 (2.097.152)?
Nico
