JSP writes to text file: File permissions

I wrote a JSP webpage that takes data from a registration form and adds it to a CSV spreadsheet. The permissions for the CSV file are set to 666.

My question is: can users make arbitrary changes to the CSV? My JSP prevents unauthorized data from getting through into the file, but if the user can just open up the file and bypass the JSP completely, what can be done about that? Or does the user only have access to add to the CSV through the JSP?

Also, in the data that is being written to the CSV, what should I prevent from being written? Right now I have it filtering out special characters, but in the long run it would be nice to allow special characters because of the type of data we are receiving.

By [DavidKerka] at [2007-11-26 16:20:14]
# 1

To prevent users from accessing your CSV file from the web server, you can simply store the file outside the web folder that holds all the other JSPs. For example, your web application could be stored in /webapp/mywebapp and your CSV file in /webapp/csvfiles.

To prevent local users from accessing your file, you can start the web application with superuser rights in order to grant it access to privileged folders.

topfoxya at 2007-7-8 22:43:46
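An added example, not code from either poster: one way to append registration rows to a CSV kept outside the web root, with owner-only permissions (600 instead of 666) and RFC 4180 quoting so that special characters can be stored rather than filtered out. It assumes a POSIX file system and Java 8 or later; the class name, the file name `registrations.csv` and the sample values are hypothetical, and the leading-apostrophe step for formula-like cells is an extra precaution for files opened in spreadsheet programs.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.*;
import java.util.stream.Collectors;

public class RegistrationCsv {
    // Directory from the answer above; the file name is hypothetical.
    // A JSP or servlet would call append(CSV, fields).
    static final Path CSV = Paths.get("/webapp/csvfiles/registrations.csv");
    private static final Set<PosixFilePermission> OWNER_ONLY =
            PosixFilePermissions.fromString("rw-------"); // 600 instead of 666

    // Quote one field per RFC 4180 so commas, quotes and newlines stay inside the cell.
    static String quote(String value) {
        String v = value == null ? "" : value;
        // Spreadsheet programs treat a leading = + - @ as a formula; prefix to keep it text.
        if (!v.isEmpty() && "=+-@\t\r".indexOf(v.charAt(0)) >= 0) {
            v = "'" + v;
        }
        return '"' + v.replace("\"", "\"\"") + '"';
    }

    static String toRow(List<String> fields) {
        return fields.stream().map(RegistrationCsv::quote)
                .collect(Collectors.joining(",")) + "\r\n";
    }

    // synchronized: concurrent requests in one JVM must not interleave rows.
    static synchronized void append(Path file, List<String> fields) throws IOException {
        if (Files.notExists(file)) {
            Files.createFile(file, PosixFilePermissions.asFileAttribute(OWNER_ONLY));
        }
        Files.setPosixFilePermissions(file, OWNER_ONLY); // tighten a pre-existing 666 file
        Files.write(file, toRow(fields).getBytes(StandardCharsets.UTF_8),
                StandardOpenOption.APPEND);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input; written to a temp file so the demo runs on any POSIX host.
        Path demo = Files.createTempDirectory("csvdemo").resolve("registrations.csv");
        append(demo, Arrays.asList("O'Brien, \"Pat\"", "pat@example.com", "=1+1"));
        System.out.print(new String(Files.readAllBytes(demo), StandardCharsets.UTF_8));
        System.out.println(PosixFilePermissions.toString(Files.getPosixFilePermissions(demo)));
    }
}
```

With mode 600 only the account that owns the file, here the one the servlet container runs as, can read or modify it, so other local accounts cannot edit the CSV directly.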