I have a servlet to let user upload file from their local machine. Before it is uploaded to my app server, I need to make sure there is no malicious characters in it. Can servlet get a ByteStream or InputStream from that local file ? shall I check malicious char from that stream ? After checking I can save that stream to server , does this make sense ?
What is a "malicious character"? Are the files in question text files? I'm asking because in a binary file, all bytes are possible.
The common file upload libraries (like Apache Commons FileUpload) give you access to the byte so that you can examine it to your heart's content.
Ping & DNS - updated with new look and Ping home screen widget
Joined: Mar 28, 2006
actually now I am concerned about how to read the file. If the servlet let user specifies their local file by providing a "browse" button to get the file from their PC, can my servlet get a "bufferedReader" from that ? I like to have a "bufferedReader" so I can use "readLine()" to get a string for each line. I don't want to use byte. I know that if we have a file saved on local disk, it is easy to get a "bufferedreader" by getting a InputStreamReadeer object first (InputStreamReader cna be created from the file itself). But in the file upload case, I don't know how to get a bufferedreader object from it ?
Joined: Mar 22, 2005
Well, most fundamentally a file consists of bytes. The upload library can't provide you with a Reader, because it doesn't know which encoding the file is in. But the FileUpload library provides you with an InputStream (check the FileItem class), around which you can wrap any Reader you want.