dmitrykrivaltsevich
Agenda
What we will talk about:
• How to upload files to the server
• Java security model. Escape from the sandbox
• POST-requests. Chunked or fixed-length?
• Multi threaded applet VS single threaded JS
HTML4. Form submit
Pros:
• Native
• Easy to implement
Cons:
• Multiple file selection: not supported
• Directory traversal: not supported
• Drag & Drop from FS: not supported
HTML5. JS (File API + AJAX)
Implementation:
• <input type="file" multiple=""/>
• File API
Pros:
• Multiple file selection
• One input field for all files
• Pre-processing files on client side
Cons:
• Firefox 3.6.*: several implementation issues
• IE: not supported
• Directory traversal: not supported
Flash uploader
Implementation:
• Embedded flash-object
Pros:
• Multiple file selection
• Various browsers: flash-plugin required
Cons:
• Directory traversal: not supported
Java security model
JVM Sandbox
Classloader
Local or remote code (unsigned / signed)
Security policy
Valuable resources (files, etc)
Escape from the sandbox
Signing
• Create keystore
• Create private key
• Create signed/self-signed certificate
• Sign applet
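The four signing steps above, as an added shell example (not from the original slides) using the JDK's `keytool` and `jarsigner`; the keystore name, alias, password and certificate subject are constructed placeholders. A self-signed certificate gives the jar integrity protection but no verified publisher identity.

```shell
#!/bin/sh
# Added example: every name and the password below are constructed placeholders.
KEYSTORE=applet-demo.p12
ALIAS=uploader
STOREPASS=demo-only-password   # in real use, read it from a prompt or secret store

# sign_applet JAR
# Returns 0 when the jar is signed and verifies, 1 on failure,
# 3 when the JDK tools are not installed.
sign_applet() {
    for tool in keytool jarsigner; do
        command -v "$tool" >/dev/null 2>&1 || return 3
    done

    # Steps 1-3: one keytool call creates the keystore, the private key
    # and a self-signed certificate for it (skipped if the keystore exists).
    [ -f "$KEYSTORE" ] || keytool -genkeypair -alias "$ALIAS" \
        -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=Upload Applet Demo, O=Example" \
        -storetype PKCS12 -keystore "$KEYSTORE" \
        -storepass "$STOREPASS" -keypass "$STOREPASS" >/dev/null 2>&1 || return 1

    # Step 4: sign the applet jar in place with that key.
    jarsigner -storetype PKCS12 -keystore "$KEYSTORE" \
        -storepass "$STOREPASS" "$1" "$ALIAS" >/dev/null 2>&1 || return 1

    # Check the result: every entry must match the signed manifest digests.
    # English output is forced so the grep does not depend on the locale.
    jarsigner -J-Duser.language=en -verify "$1" 2>/dev/null | grep -q 'jar verified'
}
```

Call it as `sign_applet uploader.jar`; the signature files appear in the jar under `META-INF/`, named after the alias.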
Multi threaded applet VS single threaded JS
[Diagram: the JVM runs Thread #1, Thread #2 and Thread #3; JS runs a single Thread #1 fed by a JS queue]
Upload applet
Implementation:
• Java-applet
Pros:
• Multiple file and directories selection
• Directory traversal
• Drag & drop directly from File System
Cons:
• Java & Java plugin required
• Mac OS X: works only in Safari