In my web application I need to upload a file to the server. This file is a JasperReport template and its extension is .jrxml. So I want to make the server accept only files with this extension. To upload the file I’m using ServletFileUpload. To verify the file extension I’m only verifying if fileName contains “.jrxml”. But I don’t feel that this method is secure enough. Is there any possibility to make the upload safer?
You can use an XML Validator to verify the uploaded file against the Jasper Report XSD. If you wanted to go the additional step you could also compile the uploaded template using the JasperCompile, though that might be overkill for your app and a drag on performance.
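The XSD check suggested in the answer, combined with a suffix test on the file name, as an added example that is not code from the question or the answer. The class name `JrxmlUploadValidator` is hypothetical, and the location of the JasperReports XSD is an assumption that the caller supplies.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.Locale;
import javax.xml.XMLConstants;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import org.xml.sax.SAXException;

/** Hypothetical helper; not part of JasperReports or Commons FileUpload. */
public final class JrxmlUploadValidator {
    // Schema objects are thread-safe, so compile the XSD once and reuse it.
    private final Schema schema;

    /** @param xsd trusted, operator-supplied copy of the JasperReports XSD (assumption). */
    public JrxmlUploadValidator(URL xsd) throws SAXException {
        SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        this.schema = factory.newSchema(xsd);
    }

    /**
     * @param fileName e.g. FileItem.getName() from ServletFileUpload
     * @param content  e.g. FileItem.getInputStream()
     * @return true only if the name ends in .jrxml and the body validates against the XSD
     */
    public boolean isValid(String fileName, InputStream content) throws IOException {
        // Test the suffix: a name such as "a.jrxml.bak" also contains ".jrxml".
        if (fileName == null || !fileName.toLowerCase(Locale.ROOT).endsWith(".jrxml")) {
            return false;
        }
        try {
            Validator validator = schema.newValidator();
            // The upload is untrusted XML: forbid fetching external DTDs or
            // schemas it references, so parsing cannot read local files or
            // make network requests on the server's behalf.
            validator.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
            validator.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
            validator.validate(new StreamSource(content));
            return true;
        } catch (SAXException e) {
            // Not well-formed, not schema-valid, or external access was denied.
            return false;
        }
    }
}
```

With external DTD access disabled, a template that declares an external DOCTYPE is rejected rather than resolved. Store accepted files under a server-generated name instead of the client-supplied one.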