Am 21.01.2017 um 15:12 schrieb Ben Coman btc@openInWorld.com: On Sat, Jan 21, 2017 at 1:22 AM, Bernhard Pieber bernhard@pieber.com wrote: Hi Johan,
Thank you for your detailed answer. See below.
Am 20.01.2017 um 10:12 schrieb Johan Brichau johan@inceptive.be:
imho, it’s better practice to detect too large file upload in your app on the client side, i.e. before your user has been uploading xxx MB. For that, you can check out various client-side programs like jQuery-FileUpload (https://blueimp.github.io/jQuery-File-Upload/)
Thanks for the pointer. I will look into adding somthing like this on the client side. Someone mentioned using Dropzone.js from Seaside. I had searched stackoverflow for limiting upload file size and found some helpful tips: http://stackoverflow.com/questions/11514166/check-file-size-before-upload
However, I also found warnings like these: „Keep in mind that even if it's now possible to validate on the client, you should still validate it on the server, though. All client side validations can be bypassed.“ „Of course, this … can be tampered with so always use server side validation.“
This is why I wanted to find a user-friendly way to prevent this from my server code. Are you saying, this is not necessary in your opinion?
In general I'd say... If someone is smart-enough and wicked enough to bypass your client side checks, you don't need to be user-friendly to them. The server checks are more to protect your server from them.
You are right. I am convinced. I will add client side checks. Thanks for your answer, Ben.
Cheers, Bernhard
seaside@lists.squeakfoundation.org