I have a form with three Input File form objects in which the user can add image files. But I am worried about the problems these controls can lead, because to check the file size the server needs to receive the entire file, so serious problems may happen, for example:
1.
Malicious user trying to collapse the website sending big files.
Users that have not seen the warning “Maximum size: 100 KB” for each image, and try to send three image files consisting in 1,5 MB each one. These users will have a bad experience waiting one hour or more to upload the images, and after that receive an alert saying “Oooops! Your image files are too big.” And also, web server will waste an important amount of resources. The same case with 100 users at the same time can be a nightmare!
I have been searching a way to check the file size on client side without having to force user to install anything, but there isn’ t nothing to do with javascript. But I found an interesting PHP article that explains a way to do it. The technique consists in:
“A hidden field (measured in bytes) that precede the file input field, and its value is the maximum filesize accepted. This is an advisory to the browser, PHP also checks it. This form element should always be used as it saves users the trouble of waiting for a big file being transferred only to find that it was too big and the transfer failed.”
The complete article is here:
[url]http://us2.php.net/manual/en/features.file-upload.php
But it doesn’ t explain details about how implementing exactly this solution.
Does anyone know if a similar technique is it possible with ASP.NET? Other suggestions will be welcomed as well.
Thank you