Protect your Java web application from the consequences of uploading large files

Problem Description:
Sometimes in our web applications, we provide HTML file inputs to our application users so they can upload their documents to the server.

BUT what will happen if a user or more upload a 3 or 4 or more giga bytes files to the server in the same time?
Unfortunately the server may have an OutOfMemory exception.

Another problem is that the client side file size validation is not supported on all browsers for security reasons (Actually the only allowed file size validation is on IE through the “Scripting.FileSystemObject” ActiveX control). So this sort of validation unfortunately has to be done on the server side???

Problem Solution:
Limiting the HTTP post size through setting a value for the (PostSizeLimit) parameter in the HTTP server.
In the IBM HTTP server (for example), this parameter exists in a file called (plugin-cfg.xml) under (/WebSphere/AppServer/config/cells).

Setting the PostSizeLimit to “20971520” means that the maximum file size to be allowed is 20 MB.
And setting the PostSizeLimit parameter to “-1” means unlimited post size.

I wish that this tip can be useful to you guys.

This entry was posted in Java, Web 2.0, WebSphere and tagged , , , , by hazems. Bookmark the permalink.

About hazems

Hazem Saleh has more than eleven years of experience in Cloud, Mobile and Open Source technologies. He worked as a software engineer, technical leader, application architect, and technical consultant for many clients around the world. He is an Apache PMC (Project Management Committee) member and a person who spent many years of his life writing open source software. Beside being the author of the "JavaScript Unit Testing" book, "JavaScript Mobile Application Development" book, "Pro JSF and HTML5" book and the co-author of the "Definitive guide to Apache MyFaces" book, Hazem is also an author of many technical articles, a developerWorks contributing author and a technical speaker in both local and international conferences such as ApacheCon North America, Geecon, JavaLand, JSFDays, CON-FESS Vienna and JavaOne. Hazem is an XIBMer, he worked in IBM for ten years. Now, He is working for Nickelodeon New York as a Mobile Architect. He is also an OpenGroup Master Certified Specialist.