I am trying to implement File upload functionality using Servlet(using some third part APIs). Can anybody help me what all parameters/factors needs to be considered while transfering the file from client system to the server. How exactly it is to be implemented considering security as the main issue?
Thanks Ben... Sorry to mention third party API. Actually our company is having a framewrok which has the support for File upload, but since I am new to this functionality(i.e. file upload), I just wanted to know what all factors need to be considered for the same.
Do we need to have a separate File Transfer Server(which must be having some servlet application in itself) to do the processing of file or we can implement the whole processing of uploaded file in our own servlet itself.
Since the file upload functionality is supposed to be implemented for a financial institution, I am bit worried about the security related issues like scanning the file for viruses and other issues, which I am not aware of.
I would you request you to give me some more information on this, which will make things a bit easier.
Since you have posted this to the Servlet forum I assume you will be using the HTTP protocol to receive these files from clients/browsers. What you are looking for is the ability to process multipart HTTP requests on the server. Going with a third party library will probably save you a lot of time as implementing the complete RFC can take some time . There is also an open source free library from the Apache foundation (www.apache.org).
From security stand point the things you have to consider are what kind of information do you wish to receive and ensure that that is being send. What size of files you wish to accept and what types, where will those files be stored on the server. Do you have a virus scanner that may interfere or switch permission amid transmition. What permission will your files have during and once downloaded on your server. What ports will you use for this functionality. What other checks and functionality will your fileupload servlet need to peruse to conform to business requirements.
So what you have to do is analyse what you need to get from those files, why, when, how etc. and make sure that is the only thing that can be sent, sound rather simplified but in general terms that is it.
Good luck. George
Joined: Sep 22, 2003
Thank you very much George. Hope I can now carry on with the implementation..