[jira] Updated: (STR-1705) Document how to use web.xml "maxFileSize" and how to deal with "MaxLengthExceededException"

Wed, 22 Aug 2007 00:17:04 -0700 

     [ 
https://issues.apache.org/struts/browse/STR-1705?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Paul Benedict updated STR-1705:
-------------------------------

      Component/s:     (was: Core)
                   Website
    Fix Version/s: Future
         Assignee:     (was: Struts Developers)
          Summary: Document how to use web.xml "maxFileSize" and how to deal 
with "MaxLengthExceededException"  (was: [upload] Document how to use web.xml 
"maxFileSize" and how to deal with "MaxLengthExceededException")

> Document how to use web.xml "maxFileSize" and how to deal with 
> "MaxLengthExceededException"
> -------------------------------------------------------------------------------------------
>
>                 Key: STR-1705
>                 URL: https://issues.apache.org/struts/browse/STR-1705
>             Project: Struts 1
>          Issue Type: Improvement
>          Components: Website
>    Affects Versions: 1.0.0
>         Environment: Operating System: other
> Platform: Other
>            Reporter: Ralf Hauser
>            Priority: Minor
>             Fix For: Future
>
>
> As per the above-referenced mailing list discussion thread, I run into two 
> problems:
> 1) the browser appears to upload the entire file that is bigger than the
> maxFileSize and only after completing the upload, MaxLengthExceededException 
> is
> thrown. (If that is really true, this is not particularly defensive against
> denial of service attacks)
> 2) I get the MaxLengthExceededException as a stack-trace, but it doesn't 
> appear
> that I can catch this exception in any of my "struts.jar-user" .java files.
> ------
> 3) Also, is there a way not to specify this on the global web.xml level, but 
> on
> a case by case basis? Depending on the user classes I attribute a user-session
> to, I would like to vary this value: highly trusted users shall be able to
> upload more than anonymous users.
> Since after quite some searching, I didn't find an answer to this, I suggest 
> to
> enhance the documentation correspondingly.
> or more recent post to the same topic:
> http://marc.theaimsgroup.com/?l=struts-user&m=104332226122935&w=2

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to