aspose file tools*
The moose likes Servlets and the fly likes how to restrict user to only to upload excel files? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "how to restrict user to only to upload excel files?" Watch "how to restrict user to only to upload excel files?" New topic
Author

how to restrict user to only to upload excel files?

Sapumal Bandara
Ranch Hand

Joined: Oct 29, 2013
Posts: 31

Guys I created a JSP to upload excel files to a server. But It still seems to be letting any type of file to be uploaded. Is there a way to do it? following is my JSP.



Regards,
Sapumal.


Be you.. not someone else.. in everything you do..
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42289
    
  64
A quick googling suggest that this attribute is not consistently and reliably implemented by browsers (and not all by some widely used versions, like Safari 5 and IE 9).

But regardless of that, you should not rely on the client anyway, and need to implement the check on the server (where it's easy to implement a much more reliable test).


Ping & DNS - my free Android networking tools app
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16145
    
  21

You cannot block uploads on the server side based on file type. Neither the file extension nor the upload MIME type can be trusted. Which is one of the ways malware gets in.

The best you can do is to discard the uploaded data if you disapprove of it.

One reason you can't block the upload is that (barring "chunked" transmissions), the data is actually part of the total form upload data packet, not something transferred independently the way that images are. So by the time you know what's arriving, it's already there.


Customer surveys are for companies who didn't pay proper attention to begin with.
Sapumal Bandara
Ranch Hand

Joined: Oct 29, 2013
Posts: 31

Thanks for the advice guys.. So should it be done in my servlet or somewhere else? I mean using a java script or something like that?


Regards,
Sapumal.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61434
    
  67

JavaScript runs in the browser, so, no.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: how to restrict user to only to upload excel files?