Reading/Writing server files?

Hello guys!

I'm making an application with Java Web Start.

I need to read and write an XML file, located on the same machine where I have the jar files and the jnlp file (the file is located on the server, not on the client machine).

When I tried to do a FileOpen, I caught an error "file open denied", and the file is on the server side!

I have read in forums that there is a security problem with reading local files, files on the client side, but if I try to work with files located on the server side, are there security problems too? Do I need to sign the jar all the same? Any question more?

Thanks for the help!

[650 byte] By [JosBravoa] at [2007-11-27 5:09:12]
# 1

> I'm making an application with Java Web Start.
>
> I need to read and write an XML file, located on the same machine
> where I have the jar files and the jnlp file (the file is located on the server, not
> on the client machine).

Why? Can any two clients write the one file at the same time? What is in the file?

If the XML file is on the server, it will require server side functionality to update it. This might be done via a JSP or servlet that is designed to accept file uploads, the same in PHP or ASP, or the FTP 'PUT' command.

Note that each of those has potential security issues for the server, so the server must take measures to verify clients and limit the damage that might be done by a malevolent or careless user, or software malfunction (dumping a 1 Gig stacktrace back to the server is usually not helpful, especially if client software is doing it from an infinite loop!).

AndrewThompson64a at 2007-7-12 10:28:49
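
An added example, not code from anyone in this thread: a server-side update endpoint of the kind reply #1 describes, written against the JDK's built-in `com.sun.net.httpserver` rather than a servlet container. It verifies the client, caps the upload size, and serializes writers. The `X-Upload-Token` header, the `UPLOAD_TOKEN` variable, the `data.xml` path, the address and the 1 MiB cap are all assumptions.

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.io.ByteArrayInputStream;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.MessageDigest;
import javax.xml.parsers.DocumentBuilderFactory;

public class XmlUpdateEndpoint {
    static final int MAX_BYTES = 1 << 20;              // assumed cap: 1 MiB per upload
    static final Path TARGET = Paths.get("data.xml");  // hypothetical location of the shared XML file
    static final byte[] TOKEN = System.getenv().getOrDefault("UPLOAD_TOKEN", "")
            .getBytes(StandardCharsets.UTF_8);         // hypothetical shared secret

    public static void main(String[] args) throws Exception {
        if (TOKEN.length == 0) throw new IllegalStateException("UPLOAD_TOKEN is not set");
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 8080), 0); // assumed address
        server.createContext("/data.xml", XmlUpdateEndpoint::handle);
        server.start();
    }
    static void handle(HttpExchange ex) throws java.io.IOException {
        int status;
        try { status = process(ex); }
        catch (org.xml.sax.SAXException e) { status = 400; }   // body is not well-formed XML
        catch (Exception e) { status = 500; }
        ex.sendResponseHeaders(status, -1);                     // -1: no response body
        ex.close();
    }
    static int process(HttpExchange ex) throws Exception {
        if (!"PUT".equals(ex.getRequestMethod())) return 405;
        // Verify the client before reading anything it sent (constant-time comparison).
        String sent = ex.getRequestHeaders().getFirst("X-Upload-Token");
        if (sent == null || !MessageDigest.isEqual(sent.getBytes(StandardCharsets.UTF_8), TOKEN)) return 401;
        // Limit the damage: read at most MAX_BYTES + 1 bytes, so a runaway client cannot fill memory or disk.
        byte[] body = ex.getRequestBody().readNBytes(MAX_BYTES + 1);   // Java 11+
        if (body.length > MAX_BYTES) return 413;
        // Refuse anything that is not well-formed XML; DOCTYPEs are rejected to rule out XXE.
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.newDocumentBuilder().parse(new ByteArrayInputStream(body));
        // One writer at a time, and an atomic swap so a reader never sees a half-written file.
        synchronized (XmlUpdateEndpoint.class) {
            Path tmp = Files.createTempFile(TARGET.toAbsolutePath().getParent(), "upload", ".tmp");
            Files.write(tmp, body);
            Files.move(tmp, TARGET, StandardCopyOption.ATOMIC_MOVE);
        }
        return 204;
    }
}
```

The token travels in clear text over plain HTTP, so this needs TLS in front of it before it listens on anything other than localhost. On POSIX systems `Files.createTempFile` creates the file owner-only, so permissions need adjusting if the reading application runs as a different user.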
# 2

In effect, this is an application for the exclusive use of 3 programmers (not clients).

But I have read on the internet that it is not possible to download any file not included in the jar file. So the answer for me is "it is not possible to manipulate a file on the server".

Curiously, it's possible to manipulate files from the local disk, but not files included in the same directory on the server.

I will now try to do an FTP get for the XML file, manipulate it, and then an FTP put. I think that it's possible to do this in Java Web Start?

thanks friends.

JosBravoa at 2007-7-12 10:28:50
# 3

> ...I have read on the internet that it is not possible to download
> any file not included in the jar file.

Try 'my' internet - dietz333 says..

http://forum.java.sun.com/thread.jspa?threadID=5173345&tstart=10

"..in JDK 6 - Java Web Start added the feature of being able to download and use jar files that are not listed in the jnlp file. (An untrusted app can only download from the same host, but a trusted app can download from anywhere)."

That is to download - reading files from the server.

> So the answer for me is "it is not possible to
> manipulate a file on the server"
>
> Curiously, it's possible to manipulate files from the local disk,
> but not files included in the same directory on the server.

Reading files from a server is a very different thing to writing them to the server.

Think about ..

- if a competitor changed your application for a joke app. - or one that redirects users to a porn site..

- if an attacker decided to take the site out by sending Gbytes of data to it!

The server must look after itself, and it does so by implementing security against people uploading things (as well as limiting what they can read).

For writing the file back to the server..

> I will try now to do a ... ftp put. I think that it's
> possible to do this in java web start?

If you can do that from the command line - it is possible to do it in web start.

AndrewThompson64a at 2007-7-12 10:28:50
# 4

Fantastic, friend, thanks for the help.

In this situation, the Java Web Start application will be used only on the internal LAN, not by external clients. When the server is used in "LAN mode", we want to read an XML file and update it; then another web application only reads this file to show the results to the clients.

The application is intended to be used to update/delete/create entries in the XML file, which the other client program will only be able to read.

Thanks a lot, I will use "ftp" to get the file, alter it, and then put the file.

Josep

JosBravoa at 2007-7-12 10:28:50