On Sat, Jan 21, 2017 at 1:22 AM, Bernhard Pieber <bernh...@pieber.com> wrote:
> Hi Johan,
>
> Thank you for your detailed answer. See below.
>
> On 20.01.2017 at 10:12, Johan Brichau <jo...@inceptive.be> wrote:
> >
> > imho, it’s better practice to detect too large file upload in your app
> > on the client side, i.e. before your user has been uploading xxx MB. For
> > that, you can check out various client-side programs like jQuery-FileUpload
> > (https://blueimp.github.io/jQuery-File-Upload/)
>
> Thanks for the pointer. I will look into adding something like this on the
> client side. Someone mentioned using Dropzone.js from Seaside. I had
> searched stackoverflow for limiting upload file size and found some helpful
> tips:
> http://stackoverflow.com/questions/11514166/check-file-size-before-upload
>
> However, I also found warnings like these:
> „Keep in mind that even if it's now possible to validate on the client,
> you should still validate it on the server, though. All client side
> validations can be bypassed.“
> „Of course, this … can be tampered with so always use server side
> validation.“
>
> This is why I wanted to find a user-friendly way to prevent this from my
> server code. Are you saying, this is not necessary in your opinion?
>
>

In general I'd say... If someone is smart enough and wicked enough to bypass
your client side checks, you don't need to be user-friendly to them. The
server checks are more to protect your server from them.

cheers -ben
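
The server-side size check discussed in this thread, as an added example that is not part of the original messages and is not Seaside code. It is a Python sketch; the names `read_upload` and `handle_upload`, the 5 MB limit, and the lowercase-keyed header dict are assumptions made for illustration.

```python
import io

MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumed limit for this sketch


class UploadTooLarge(Exception):
    """Raised when a request body exceeds the server-side limit."""


def read_upload(headers, body, limit=MAX_UPLOAD_BYTES, chunk_size=64 * 1024):
    """Return the body bytes, or raise UploadTooLarge / ValueError."""
    declared = headers.get("content-length")
    if declared is not None:
        # Cheap early rejection for clients that declare their size honestly.
        if not declared.strip().isdigit():
            raise ValueError("malformed Content-Length")
        if int(declared) > limit:
            raise UploadTooLarge(f"declared {int(declared)} bytes, limit {limit}")
    # The header is client-controlled (or absent), so count what actually arrives.
    received = bytearray()
    while True:
        chunk = body.read(chunk_size)
        if not chunk:
            break
        if len(received) + len(chunk) > limit:
            raise UploadTooLarge(f"body exceeded {limit} bytes while reading")
        received += chunk
    return bytes(received)


def handle_upload(headers, body, limit=MAX_UPLOAD_BYTES):
    """Map the outcome to an HTTP status code and a short message."""
    try:
        data = read_upload(headers, body, limit)
    except UploadTooLarge as exc:
        return 413, str(exc)
    except ValueError as exc:
        return 400, str(exc)
    return 200, f"stored {len(data)} bytes"


if __name__ == "__main__":
    # Constructed requests: an understated Content-Length, then an honest one.
    print(handle_upload({"content-length": "4"}, io.BytesIO(b"x" * 100), limit=16))
    print(handle_upload({"content-length": "10"}, io.BytesIO(b"x" * 10), limit=16))
```

The early `Content-Length` check gives well-behaved clients a fast answer, while the byte counter is the control that holds when the header is missing or understated.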