Enhanced File Upload   Dmitry Krivaltsevich
Presentation for my workshop on topic 'Enhanced File Upload'

  • show the HTML template
  • Google added folder upload -- find out how they upload folders (if possible). In any case, for other clients they added folder upload via an applet http://googledocs.blogspot.com/2011/04/simpler-file-upload-in-google-docs.html
  • not all browsers support it well (for example, 3.6.*) http://stackoverflow.com/questions/4263118/html5-drag-drop-uploads
  • Enhanced File Upload

    1. Enhanced File Upload. Dmitry Krivaltsevich
    2. Agenda. What we will talk about:
       • How to upload files to the server
       • Java security model. Escape from the sandbox
       • POST-requests. Chunked or fixed-length?
       • Multi threaded applet VS single threaded JS
    3. HTML4. Form submit
    4. HTML4. Form submit. Implementation: hidden iframe, form target
    5. HTML4. Form submit
       Pros:
       • Native
       • Easy to implement
       Cons:
       • Multiple file selection: not supported
       • Directory traversal: not supported
       • Drag & Drop from FS: not supported
    6. HTML5. JS (File API + AJAX). Google use it for Google docs
    7. HTML5. JS (File API + AJAX)
    8. HTML5. JS (File API + AJAX)
       Implementation:
       • <input type="file" multiple=""/>
       • File API
       Pros:
       • Multiple file selection
       • One input field for all files
       • Pre-processing files on client side
       Cons:
       • Firefox 3.6.*: several implementation issues
       • IE: not supported
       • Directory traversal: not supported
    9. Flash uploader. Facebook
    10. Flash uploader
       Implementation:
       • Embedded flash-object
       Pros:
       • Multiple file selection
       • Various browsers: flash-plugin required
       Cons:
       • Directory traversal: not supported
    11. Java applet. ABC app, Google docs
    12. Java applet. HTML template
    13. Java applet. HTML template. HTTP-Only cookies
    14. Java security model (diagram labels: Local or remote code (unsigned / signed); Security policy; Classloader; Sandbox; JVM; Valuable resources (files, etc))
    15. Escape from the sandbox. Signing:
       • Create keystore
       • Create private key
       • Create signed/self-signed certificate
       • Sign applet
    16. Escape from the sandbox. Create key and certificate. Sign JAR
    17. Escape from the sandbox. Signing in ant
    18. Escape from the sandbox. Signing in maven
    19. Escape from the sandbox
    20. HTTP-POST Request (annotated request; legend: 1 Boundary, 2 Fixed-Length, 3 Field name, 4 Filename and directory path)
    21. Transfer-Encoding: chunked. Example. Explanation
    22. Drag & Drop
    23. Applet – JavaScript interactions
    24. Multi threaded applet VS single threaded JS (diagram labels: JS, JVM, queue, Thread #1, Thread #2, Thread #3)
    25. Upload applet
       Implementation:
       • Java-applet
       Pros:
       • Multiple file and directories selection
       • Directory traversal
       • Drag & drop directly from File System
       Cons:
       • Java & Java plugin required
       • Mac OS X: works only in Safari
    26. Do you have any questions? Thanks!
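
The two request framings named in the agenda and on slides 20 and 21 (a fixed-length multipart POST versus `Transfer-Encoding: chunked`), shown at the wire level as an added example that is not code from the presentation. The field name, relative path, boundary and file bytes are constructed sample values.

```python
CRLF = b"\r\n"

def build_multipart(field_name, rel_path, data, boundary):
    """One multipart/form-data body with a single file part."""
    if boundary.encode("ascii") in data:
        raise ValueError("boundary occurs in file data; pick another one")
    head = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="{field_name}"; '
        f'filename="{rel_path}"\r\n'
        "Content-Type: application/octet-stream\r\n\r\n"
    ).encode("utf-8")
    return head + data + f"\r\n--{boundary}--\r\n".encode("ascii")

def fixed_length_headers(body, boundary):
    """Fixed-length framing: the whole body size is known before sending."""
    return {"Content-Type": f"multipart/form-data; boundary={boundary}",
            "Content-Length": str(len(body))}

def chunked_encode(body, chunk_size):
    """Chunked framing: <hex size>CRLF<data>CRLF per chunk, then a 0-size chunk."""
    out = bytearray()
    for i in range(0, len(body), chunk_size):
        chunk = body[i:i + chunk_size]
        out += f"{len(chunk):X}".encode("ascii") + CRLF + chunk + CRLF
    return bytes(out) + b"0" + CRLF + CRLF

def chunked_decode(wire):
    """Receiver side: read sizes until the terminating 0-size chunk."""
    body, pos = bytearray(), 0
    while True:
        eol = wire.index(CRLF, pos)
        size = int(wire[pos:eol], 16)
        if size == 0:
            return bytes(body)
        start = eol + 2
        if wire[start + size:start + size + 2] != CRLF:
            raise ValueError("chunk is not terminated by CRLF")
        body += wire[start:start + size]
        pos = start + size + 2  # skip the CRLF that closes the chunk

# Constructed sample values (not taken from the slides).
BOUNDARY = "----example-boundary-7d1a"
BODY = build_multipart("file", "photos/2011/cat.jpg", b"\x89PNG fake bytes", BOUNDARY)

if __name__ == "__main__":
    print(fixed_length_headers(BODY, BOUNDARY))
    print(chunked_encode(BODY, 64))
```

The directory path inside `filename` is supplied by the client, so a receiving server should normalise it and confine it to its upload root before writing anything to disk.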
