
Can a servlet/JSP write/read files outside its context/domain?

 
RaviNada Kiran
Ranch Hand
Posts: 528
Can a servlet/JSP write/read files outside its context/domain? (A servlet loaded from some other server)?
 
Bauke Scholtz
Ranch Hand
Posts: 2458
This is not dependent on JSP/Servlet. It's dependent on how the files are exposed and accessible.
 
RaviNada Kiran
Ranch Hand
Posts: 528
Bauke Scholtz, thanks for the quick reply.

Regarding this, my doubt is: will this not be a security issue? (What I mean is, if I write a servlet which will be responsible for destroying folders/deleting files on others' machines.)
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 64984
You cannot write files where you do not have permission to. It's the responsibility of the administrator setting up the server to ensure that user permissions are set properly.
 
Bauke Scholtz
Ranch Hand
Posts: 2458
RaviNada Kiran wrote: Bauke Scholtz, thanks for the quick reply.

Regarding this, my doubt is: will this not be a security issue? (What I mean is, if I write a servlet which will be responsible for destroying folders/deleting files on others' machines.)

Again, this "security issue" doesn't lie with JSP/Servlet, but just with the person who controls the files.

If I, for instance, expose my files via a public FTP with full read/write rights, then one could certainly write a Java class which accesses it and deletes everything. If the FTP is not public and/or only allows read access, then the Java class can't do anything. It just has the same possibilities as "in real". You have it in your hands.
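
The replies above come down to the operating-system permissions of the account the servlet container runs as. As an added example (not code from the thread), this shell function lists the directories outside a web application's own directory that the current account can write to; the function name `writable_outside` and the demo directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: run this as the account the servlet container runs under.
# Every line printed is a directory outside the webapp that a servlet
# running in that container could write to.
#
# writable_outside CONTEXT_DIR ROOT...
#   CONTEXT_DIR  the webapp's deployed directory (expected to be writable)
#   ROOT...      directory trees to audit
# Assumes directory names do not contain newlines.
writable_outside() {
    ctx=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "bad context dir: $1" >&2
        return 2
    }
    shift
    for root in "$@"; do
        # Resolve symlinks so the prefix comparison below is reliable.
        abs=$(cd "$root" 2>/dev/null && pwd -P) || continue
        # -xdev keeps the walk on one filesystem; unreadable subtrees are skipped.
        find "$abs" -xdev -type d 2>/dev/null | while IFS= read -r dir; do
            case "$dir" in
                "$ctx"|"$ctx"/*) continue ;;   # inside the webapp itself
            esac
            # [ -w ] checks access for the account running this script.
            if [ -w "$dir" ]; then
                printf '%s\n' "$dir"
            fi
        done
    done
    return 0
}

# Constructed demo tree: one webapp directory, one shared directory,
# and one directory made read-only.
demo=$(mktemp -d)
mkdir -p "$demo/webapps/app/WEB-INF" "$demo/shared/uploads" "$demo/etc"
chmod 555 "$demo/etc"
writable_outside "$demo/webapps/app" "$demo"
chmod 755 "$demo/etc"
rm -rf "$demo"
```

Run as an unprivileged account, the demo omits the read-only `etc` directory; run as root it lists everything, which is why the container should not run as root.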
 
RaviNada Kiran
Ranch Hand
Posts: 528
Thanks Bear Bibeault and Bauke, this doubt has been on my mind for a long time.
 