File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes how to restrict user to only to upload excel files? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "how to restrict user to only to upload excel files?" Watch "how to restrict user to only to upload excel files?" New topic
Author

how to restrict user to only to upload excel files?

Sapumal Bandara
Ranch Hand

Joined: Oct 29, 2013
Posts: 31

Guys I created a JSP to upload excel files to a server. But It still seems to be letting any type of file to be uploaded. Is there a way to do it? following is my JSP.



Regards,
Sapumal.


Be you.. not someone else.. in everything you do..
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42951
    
  72
A quick googling suggest that this attribute is not consistently and reliably implemented by browsers (and not all by some widely used versions, like Safari 5 and IE 9).

But regardless of that, you should not rely on the client anyway, and need to implement the check on the server (where it's easy to implement a much more reliable test).
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16308
    
  22

You cannot block uploads on the server side based on file type. Neither the file extension nor the upload MIME type can be trusted. Which is one of the ways malware gets in.

The best you can do is to discard the uploaded data if you disapprove of it.

One reason you can't block the upload is that (barring "chunked" transmissions), the data is actually part of the total form upload data packet, not something transferred independently the way that images are. So by the time you know what's arriving, it's already there.


Customer surveys are for companies who didn't pay proper attention to begin with.
Sapumal Bandara
Ranch Hand

Joined: Oct 29, 2013
Posts: 31

Thanks for the advice guys.. So should it be done in my servlet or somewhere else? I mean using a java script or something like that?


Regards,
Sapumal.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61773
    
  67

JavaScript runs in the browser, so, no.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: how to restrict user to only to upload excel files?