Details
-
Improvement
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
1.0.0
-
None
-
Operating System: other
Platform: Other
-
22633
Description
As per the above-referenced mailing list discussion thread, I run into two problems:
1) the browser appears to upload the entire file that is bigger than the
maxFileSize and only after completing the upload, MaxLengthExceededException is
thrown. (If that is really true, this is not particularly defensive against
denial of service attacks)
2) I get the MaxLengthExceededException as a stack-trace, but it doesn't appear
that I can catch this exception in any of my "struts.jar-user" .java files.
------
3) Also, is there a way not to specify this on the global web.xml level, but on
a case by case basis? Depending on the user classes I attribute a user-session
to, I would like to vary this value: highly trusted users shall be able to
upload more than anonymous users.
Since after quite some searching, I didn't find an answer to this, I suggest to
enhance the documentation correspondingly.
or more recent post to the same topic:
http://marc.theaimsgroup.com/?l=struts-user&m=104332226122935&w=2
Attachments
Issue Links
- depends upon
-
-
- Open
-