• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

how to restrict user to only to upload excel files?

 
Sapumal Bandara
Ranch Hand
Posts: 31
Android Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Guys I created a JSP to upload excel files to a server. But It still seems to be letting any type of file to be uploaded. Is there a way to do it? following is my JSP.



Regards,
Sapumal.
 
Ulf Dittmer
Rancher
Pie
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A quick googling suggest that this attribute is not consistently and reliably implemented by browsers (and not all by some widely used versions, like Safari 5 and IE 9).

But regardless of that, you should not rely on the client anyway, and need to implement the check on the server (where it's easy to implement a much more reliable test).
 
Tim Holloway
Saloon Keeper
Pie
Posts: 17989
47
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You cannot block uploads on the server side based on file type. Neither the file extension nor the upload MIME type can be trusted. Which is one of the ways malware gets in.

The best you can do is to discard the uploaded data if you disapprove of it.

One reason you can't block the upload is that (barring "chunked" transmissions), the data is actually part of the total form upload data packet, not something transferred independently the way that images are. So by the time you know what's arriving, it's already there.
 
Sapumal Bandara
Ranch Hand
Posts: 31
Android Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the advice guys.. So should it be done in my servlet or somewhere else? I mean using a java script or something like that?


Regards,
Sapumal.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64618
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
JavaScript runs in the browser, so, no.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic