• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

How can i access files which are outside webapps directory

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
give me some code or trick so that i can get access or i can give link to that files.

problem is my project directory is on E:\ drive and i am having a file on C:\ drive

i am using <a href="C:\new.txt"> to access through my project but it wont create link to that file.

is there any idea to gain access of that file.

thanks in advance
 
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
you're using windows so you can't use soft links, but is there way to do that in Win7?
You can create a piping servlet to open the local stream and pump to the servlet output, but this is not the preferred option.
 
Author
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

David O'Meara wrote:You can create a piping servlet to open the local stream and pump to the servlet output, but this is not the preferred option.


Why not? That's pretty much how most apps send non-app-relative data to clients, isn't it?
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I was referring to the security implication of having a servlet eg /context/FileAccessor/* and return files by converting the '*' to a location relative to (for example) C:\work
If you blindly allow access to files such as /context/FileAcccess/../boot.ini or password files, you could compromise your system
 
David Newton
Author
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Oh, gotcha; yeah, that'd be bad :)
 
Ranch Hand
Posts: 138
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Hi,

Thank you very much for sharing such gotcha... Sorry to say, but it will be far better if you please elaborate it more...

If user have some boot.ini or password files available in this path, then it will be more easy to read... and the secret details will be readable...
Is it like that ?

Thanks

Rahul
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you take 'any ' path from the request and convert it into a path on your local system, it would potentially allow malicious users to read files that you do not want them to access. Containers like Tomcat protect against resources being read from outside the application, but once you allow this (as you are requesting) then you are now responsible for ensuring this doesn't happen
 
David Newton
Author
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
@Rahul: you haven't really explained your complete requirements. If you're trying to access a file of a known name (like the name is stored in the database as part of a file upload process, for example) then just create the complete file path by supplying the root directory of the uploads and the name of the file stored in the DB. If people are typing in the filename portion then make sure there are no relative directory elements ("..")

Much more beyond that and we'd need to know what you're actually trying to do.
 
reply
    Bookmark Topic Watch Topic
  • New Topic