Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

special char in an uploaded file

 
ben oliver
Ranch Hand
Posts: 375
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a servlet to let user upload file from their local machine. Before it is uploaded to my app server, I need to make sure there is no malicious characters in it. Can servlet get a ByteStream or InputStream from that local file ? shall I check malicious char from that stream ? After checking I can save that stream to server , does this make sense ?
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What is a "malicious character"? Are the files in question text files? I'm asking because in a binary file, all bytes are possible.

The common file upload libraries (like Apache Commons FileUpload) give you access to the byte[] so that you can examine it to your heart's content.
 
ben oliver
Ranch Hand
Posts: 375
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
actually now I am concerned about how to read the file. If the servlet let user specifies their local file by providing a "browse" button to get the file from their PC, can my servlet get a "bufferedReader" from that ? I like to have a "bufferedReader" so I can use "readLine()" to get a string for each line. I don't want to use byte[]. I know that if we have a file saved on local disk, it is easy to get a "bufferedreader" by getting a InputStreamReadeer object first (InputStreamReader cna be created from the file itself). But in the file upload case, I don't know how to get a bufferedreader object from it ?

 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well, most fundamentally a file consists of bytes. The upload library can't provide you with a Reader, because it doesn't know which encoding the file is in. But the FileUpload library provides you with an InputStream (check the FileItem class), around which you can wrap any Reader you want.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic