Custom file upload using jsp

The work in the past few days mainly involves uploading files (mainly images) and online integration with the HTML editor, which is easy to operate and similar to the online images currently referenced. I have read this story a little bit, but it is not without reason: the core DoUpLoadBean of servlet has been completed before; secondly, I have integrated the editor on my personal blog using php, and I can't see any particularly difficult issues. But in fact, after expansion, we found that it is easy to simply implement the upload, but to arrange the upload policy properly, we have to be careful. Because it is very dangerous to allow uploading itself, this is actually a matter of fact. It is never difficult to allow customers to perform actual operations on the server, this is not a rare case; it can be imagined that once the system is activated, such attacks will inevitably happen.
On the other hand, you must consider later management when allowing users to upload local files, because, even if the user is local, the biggest hard disk will not be able to tell you how long the garbage is full. Besides, it is now a server that many people are allowed to use at the same time. If there is no precise policy, it will not take long for the customer to upload files to crash the system. In the last week, a friend asked me for help, saying that their database had reached 30 GB and the hard disk had been eaten up, and the machine was dead. In this case, I could only help myself, because, it is certain that the vast majority of the content is rubbish, but it cannot be understood what is garbage and what is necessary. Because they lack a strategy. In addition, even if the user is not malicious, in most cases, the hard disk will soon be full when the disk is activated for loading. If this is a system disk, it usually means a crash, you must use a connection to restrict the upload to another dedicated partition to ensure security. Iquota is usually not useful here, because it is complicated and dangerous to combine a WEB account with an operating system account. At the same time, if the uploaded file is not assigned a directory to each user, it should also be added with a prefix before each user's name for identification. In this way, in case of cleaning, in combination with the file date, you can use the find/grep/rm combination script to back up or clear data, at least possible.
There are other factors that lead to a much larger number of Upload operations than simply adding a file to an upload program. These include permission control (considering the possibility of using upload for attacks, this article has to be careful), file management, and modification of attributes, including size, type restrictions, which can facilitate the modification of storage methods, etc. In fact, when it is done, the upload part only takes five lines of programs, and the management part is no less than 50 lines.
Today, you no longer have to write your own input stream. Even if you have not accumulated any data, you can still find open source code on the Internet, like jakarta commons upload. There are no examples of this thing. Most of the examples we have found do not run smoothly. It is not a strange programmer, but it does not only have no documentation, but also changes methods and classes: in the example, the UpLoad is actually DiskUpload, but what is the difference between the current Upload? Why can I skip the setting of memory consumption? I cannot find any explanation. Although I have a preference for my own code, because my code cannot process multiple file uploads, although this situation is actually rare, I have never figured out how to identify more than one Upload request, which means I still do not know RFC1864. Since there is something more reliable, don't be too eccentric about your own things. As a result, the DoUploadBean that has been used for several years is completely buried.