On 2/10/2011 7:04 AM, Rainer Jung wrote: > Servlet 3 standardizes file uploads. It contains the ability to limit on > request size, > pretty much the same as commons fileupload supported for many years. > > It seems when this conditions triggers the rest of the request inout stream > is still > drained at the end of the request. swallowInput is not being set to false. > > It seems there's still no server-side prevention against huge uploads > possible. The upload > is not put into memory, but the thread is only freed once the whole request > body is read. > Shouldn't Tomcat ignore the rest of data and close the connection in this > case?
In HTTP, this is required if you will reject the request with a status. The behavior is RFC-correct per Apache httpd's design, which has been debated on plenty of occasions and the finger always goes back to RFC 2616 correctness. For non-HTTP connections, anything goes :) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
