aspose file tools*
The moose likes Servlets and the fly likes how to restrict user to only to upload excel files? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "how to restrict user to only to upload excel files?" Watch "how to restrict user to only to upload excel files?" New topic
Author

how to restrict user to only to upload excel files?

Sapumal Bandara
Greenhorn

Joined: Oct 29, 2013
Posts: 26

Guys I created a JSP to upload excel files to a server. But It still seems to be letting any type of file to be uploaded. Is there a way to do it? following is my JSP.



Regards,
Sapumal.


Be you.. not someone else.. in everything you do..
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41574
    
  54
A quick googling suggest that this attribute is not consistently and reliably implemented by browsers (and not all by some widely used versions, like Safari 5 and IE 9).

But regardless of that, you should not rely on the client anyway, and need to implement the check on the server (where it's easy to implement a much more reliable test).


Ping & DNS - my free Android networking tools app
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16019
    
  20

You cannot block uploads on the server side based on file type. Neither the file extension nor the upload MIME type can be trusted. Which is one of the ways malware gets in.

The best you can do is to discard the uploaded data if you disapprove of it.

One reason you can't block the upload is that (barring "chunked" transmissions), the data is actually part of the total form upload data packet, not something transferred independently the way that images are. So by the time you know what's arriving, it's already there.


Customer surveys are for companies who didn't pay proper attention to begin with.
Sapumal Bandara
Greenhorn

Joined: Oct 29, 2013
Posts: 26

Thanks for the advice guys.. So should it be done in my servlet or somewhere else? I mean using a java script or something like that?


Regards,
Sapumal.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61063
    
  66

JavaScript runs in the browser, so, no.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: how to restrict user to only to upload excel files?