You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@struts.apache.org by "Paul Benedict (JIRA)" <ji...@apache.org> on 2007/08/22 09:16:34 UTC

[jira] Updated: (STR-1705) Document how to use web.xml "maxFileSize" and how to deal with "MaxLengthExceededException"

     [ https://issues.apache.org/struts/browse/STR-1705?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paul Benedict updated STR-1705:
-------------------------------

      Component/s:     (was: Core)
                   Website
    Fix Version/s: Future
         Assignee:     (was: Struts Developers)
          Summary: Document how to use web.xml "maxFileSize" and how to deal with "MaxLengthExceededException"  (was: [upload] Document how to use web.xml "maxFileSize" and how to deal with "MaxLengthExceededException")

> Document how to use web.xml "maxFileSize" and how to deal with "MaxLengthExceededException"
> -------------------------------------------------------------------------------------------
>
>                 Key: STR-1705
>                 URL: https://issues.apache.org/struts/browse/STR-1705
>             Project: Struts 1
>          Issue Type: Improvement
>          Components: Website
>    Affects Versions: 1.0.0
>         Environment: Operating System: other
> Platform: Other
>            Reporter: Ralf Hauser
>            Priority: Minor
>             Fix For: Future
>
>
> As per the above-referenced mailing list discussion thread, I run into two problems:
> 1) the browser appears to upload the entire file that is bigger than the
> maxFileSize and only after completing the upload, MaxLengthExceededException is
> thrown. (If that is really true, this is not particularly defensive against
> denial of service attacks)
> 2) I get the MaxLengthExceededException as a stack-trace, but it doesn't appear
> that I can catch this exception in any of my "struts.jar-user" .java files.
> ------
> 3) Also, is there a way not to specify this on the global web.xml level, but on
> a case by case basis? Depending on the user classes I attribute a user-session
> to, I would like to vary this value: highly trusted users shall be able to
> upload more than anonymous users.
> Since after quite some searching, I didn't find an answer to this, I suggest to
> enhance the documentation correspondingly.
> or more recent post to the same topic:
> http://marc.theaimsgroup.com/?l=struts-user&m=104332226122935&w=2

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.