i have a web application which stores users file in directory which is under webroot directory..
Suppose web application is under 'fileupload' and all files are getting stored in 'xyz' folder under 'fileupload' so now if user points to url say like
www.xyzpqr.com/fileupload/xyz/abc.doc, he gets that file.
How do i restirct this from happening.. i have thought of putting xyz folder in WeB-inf folder but as my application is very big i have to made changes at too many places.. so is there any way so that without moving the folder to web-inf (restricted folders) i can achieve wat i want..
In many cases, this is something that you can set in the configuration for the webserver your files are stored on. You can require passwords for directory access, or restrict things even further than that. It will vary by implementation exactly what configuration file you need to look at, but some common ones are http.conf and .htaccess
If you're unsure, it's probably worth it to contact your hosting company and/or network admin.
Hi if you are using Apache web server you can protect a directory by password. But you need to be able to edit/create .htaccess file.
Here's the solution for WAMP server:
http://php-mysql.develop.sitefrost.com/PHP/security.php
It is very similar for other platforms. When someone wants to access a protected directory he must first submit username and password.
I would suggest creating a filter which examines every URL to see if the user has access to that particular file and denies the request if not.
This gives you full control.
Related
I'm developing local-only JSP application using Apache Tomcat server. I would like to put a promotion videos on my intro page, but I don't want to move them to webapp folder or anywhere else.
The promotion videos are located:
E:\data\videos\2018...
But writing a JSP/HTML like this wont launch the video, but however it works off-server (launching html from desktop for example, so the path may not be issue?)
<video src="file:///E:/data/videos/2018/promotion1.mp4" controls></video>
Local file links from remote resources are disabled by almost all browsers by default. There are certain possibilities to overcome that, e.g.:
http://kb.mozillazine.org/Links_to_local_pages_do_not_work
https://discourse.mozilla.org/t/opening-links-to-local-files-file/16449/2
To access your static media files from remote page you need to configure your Tomcat server as described here: http://teknosrc.com/access-local-files-static-content-images-videos-media-files-outside-web-application-system-apache-tomcat-server/
solution:
a.) make sure your server is on the same system where the media files are.
b.) If so, you have to create a folder (ex. media) in your application folder inside /src/main/webapp/ and have to put all media files inside a media folder. After that, you can surely access the media files through a server.
Ok, I'm a beginner so this maybe stupid but i afraid that clients can modify static resources (css/javascript files) on server if they can load them directly through URL path (Of course I have to put css/javascript files outside of WEB-INF folder).
If my hypothesis is wrong, could you give me links or quotes to help me expand my knowledge ? Thank you :)
When a user's browser requests resources from your server, they are performing a GET request. This request will not directly change any file on your server. The request will go through your web server and will be processed. In the case of the resources such as css/javascript files, the web server sees the user is requesting the file and sends the contents of the file back. There is no way the user can update the contents of those files on the server unless you write code on the server to allow them to update the files. If the user has direct access to the server via ssh or other protocol and has permissions on the folder that holds the resources, they would be able to change them.
The whole process is much more complex for going through the web server, but for brevity left out here. Here is a good article that explains what really happens when you go to an address in a browser:
https://medium.com/#maneesha.wijesinghe1/what-happens-when-you-type-an-url-in-the-browser-and-press-enter-bb0aa2449c1a
I'm looking for a way within Spring MVC to put my JSP pages in a remote machine and load them when I need them.
The reason I wanna do this is because my application received some page templates from users and I have to save them somewhere and load them dynamically when that page get requested! I was thinking if I want to put my users' JSPs pages inside my web-app on real time, It's not possible so I have two choice :
1) save it in a remote place and get reference to it while a request comes in
2) save them inside database which I think that's not good because the user page may have so many visitors ...
What solution you suggest ?
Using unix? Maybe you could mount the remote server and create a symbolic link to WEB-INF/jsp directory to point to the remote mount.
I develop a web application using JDeveloper. Then, my scenario is I want to get a file from client directory (e.g. C://Image.jpg). What I want to achieve is the client's directory defined programmatically. So, I used InputStream, but it will search a file in server directory. if I used UploadedFile, I don't know how to define it. Note that I don't want to use InputFile.
Does anyone have a solution for me?
Search for HTTP File Upload. You need an <input type='file'> control on your webpage, and form encoding set as enctype='multipart/form-data'.
Generally, you can't control the default directory where the browser is going to open a file chooser -- it normally starts from the "user home" directory, but other dirs can be navigated to.
A web application uploads files (images only) from client to server location no any DB and also save the same file/files from server to client's machine.
Process 1. upload a file <input type="file /">
2. save files into server predifined location : java
3. download the same files from server to client's machine by clicking on save button
problem : let suppose there are two users and they are uploading different files with same name at same time in predifined (or programmed) server's folder.
then how should i avoid this kind of naming conflict & how to programmed for, which file belongs to whom (client) .
possible sol'n : during uploading the file from client to server, create one folder for each client and save the file into specifiec newly created folder.
please note that there is no any Database in application. please suggest any better
Environment : java servlet Apache-tomcat 6.0 xhtml
Use HttpServletReqeust.getSession() method to get client's unique session and then HttpSession.getId() to get session's identifier which you can use in directory/file name construction.
create one folder for each client/user.
Seems like the obvious solution to me. Using session id will result in many more directories being created. If the server saved images are to be used later(which I assume they are, otherwise whats the point of saving them). Having a directory structure based on usernames(or similar) would be much less painful to navigate than anything else.