[Javascript] Resizing images client-side

Terry Riegel riegel at clearimageonline.com
Mon Jul 16 14:02:13 CDT 2007 

> This is probably "good enough" for the majority (being nice people)  
> -- but if
> someone was being intentionally malicious, headers can be forged.


A client side solution would not solve this problem any more than a  
server side solution would. As a forged request would not be  
protected by a client side solution as the client would not be nice  
to begin with. In this case you could just have your script stop  
accepting data that was to large. For example if you set the server  
limit to 1mb, and you had already received 1.8 MB stop the request.

Terry



On Jul 16, 2007, at 2:31 PM, Nick Wiltshire wrote:

> On Monday 16 July 2007 12:13, Terry Riegel wrote:
>>> PHP can do this as well, but this is data in the request, on the
>>> server
>>> side, ie, after the data has gone over the wire.
>>
>> Correct, only after. This is why you would need to use to use PERL,
>> or ASP as they can stop it before it gets there. Once they read the
>> headers they can determine if they want to get the rest.
>>
>
> This is probably "good enough" for the majority (being nice people)  
> -- but if
> someone was being intentionally malicious, headers can be forged.
>
> Plus, as someone mentioned the content length header is not  
> required. You'd
> still need to account for that as well.
>
> However, if it actually works, this sounds plausible.
>
>> Terry
>>
>>> By that time, it's too late, either the file was too big, or it
>>> took too
>>> long and the user got sick of waiting.
>>>
>>> Learn Java, write a desktop app.
>>>
>>> -----Original Message-----
>>> From: javascript-bounces at LaTech.edu
>>> [mailto:javascript-bounces at LaTech.edu] On Behalf Of Glenn E.
>>> Lanier, II
>>> Sent: Friday, July 13, 2007 3:33 PM
>>> To: '[JavaScript List]'
>>> Subject: RE: [Javascript] Resizing images client-side
>>>
>>>
>>> I think you can look in the POST/GET headers to see the size of the
>>> data
>>> envelope in most languages. I know C++ based ISAPI allows you to
>>> access
>>> this information before receiving the entire POSTed info (GET has  
>>> size
>>> limits, so does not apply here). I would assume ASP.NET provides
>>> access
>>> to similar; don't know about PHP but it may "protect" the developer
>>> from
>>> seeing all the particulars.
>>>
>>> --G
>>> _______________________________________________
>>> Javascript mailing list
>>> Javascript at LaTech.edu
>>> https://lists.LaTech.edu/mailman/listinfo/javascript
>>
>> _______________________________________________
>> Javascript mailing list
>> Javascript at LaTech.edu
>> https://lists.LaTech.edu/mailman/listinfo/javascript
> _______________________________________________
> Javascript mailing list
> Javascript at LaTech.edu
> https://lists.LaTech.edu/mailman/listinfo/javascript
>

More information about the Javascript mailing list