> - use the database layer (maxblobsize) as a value for the maxFileSize > -1 This way all form fields have to fit in 1 database field. Blob size > restrictions are usually very high (>1GB). What will happen with a DoS > attack?
bobs can still have a size (say images max 4 MB and attachement max 10 MB?) informix has a max query size does this affect what can be uploaded? > - create a config/util/ directory and put there the configuration files > just like the modules/builders. > +1 I would expect it somewhere in the config dir > > - Set the maxFileSize in the constructor of HttpPost. > -1 Then it has to be defined on multiple places? Doens't i make sence to you to make this configurable so that for example you de decide that attachements can be bigger then images? I quick grep show the files using HttpPost (the editwizards are using jspsmartupload) bridge/jsp/taglib/ContextTag.java servlet/SimpleFormToMailServlet.java (deprecated?) servlet/remoteXML.java (deprecated?) servlet/servdb.java (deprecated?) servlet/servscan.java (hmm?) no very impressive. I think HttpPost should be deprecated and therefore the configuration hidden somewhere deep inside the HttpPost code
