Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to create files at client machine in java web application

 
Sreenath Guduru
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Is there any way like creating files, running batch files in the client machine where as java web application is deployed in some other server.

Please help out.

Thanks
Sreenath
 
Vishal Shaw
Ranch Hand
Posts: 179
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Huh, and what about the security. Doesn't it violates the security.
 
Sreenath Guduru
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Vishal Shaw wrote:Huh, and what about the security. Doesn't it violates the security.


Hi,

I am new to java and looking for this feture to be implemented once after user allows with credentials. So, is there any to do this..?
 
Sreenath Guduru
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sreenath Gvl wrote:
Vishal Shaw wrote:Huh, and what about the security. Doesn't it violates the security.


Hi,

I am new to java and looking for this feture to be implemented once after user allows with credentials. So, is there any to do this..?


in other terms, even with security mesures, how can we achive this..any idea please...
 
Vishal Shaw
Ranch Hand
Posts: 179
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you are thinking about running a process in client's machine without notifying the client ,forget it !!! It's hacking.

Can us tell me your exact requirement? That would be a better approach.
 
Sreenath Guduru
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Vishal Shaw wrote:If you are thinking about running a process in client's machine without notifying the client ,forget it !!! It's hacking.

Can us tell me your exact requirement? That would be a better approach.


No its not like that.

What I want is I want to get path from user where he want to create some files which will be used for this project. And I will be creating files (may be batch files) at that path and and will execute them if necessary thats it.

Not for hacking. This is for our internal work.
 
Vishal Shaw
Ranch Hand
Posts: 179
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sreenath Gvl wrote:
Vishal Shaw wrote:If you are thinking about running a process in client's machine without notifying the client ,forget it !!! It's hacking.

Can us tell me your exact requirement? That would be a better approach.


No its not like that.

What I want is I want to get path from user where he want to create some files which will be used for this project. And I will be creating files (may be batch files) at that path and and will execute them if necessary thats it.

Not for hacking. This is for our internal work.


Well , that's almost like hacking.
For eg. suppose I ask a user to upload a photo, and then I used that path for creating a virus into the client's machine.

This is like fiddling with the System security and I bet whatever you do, this will be blocked by atleast some systems(which are more secure), until unless you are too good a hacker :wink:
 
Sreenath Guduru
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Vishal Shaw wrote:
Sreenath Gvl wrote:
Vishal Shaw wrote:If you are thinking about running a process in client's machine without notifying the client ,forget it !!! It's hacking.

Can us tell me your exact requirement? That would be a better approach.


No its not like that.

What I want is I want to get path from user where he want to create some files which will be used for this project. And I will be creating files (may be batch files) at that path and and will execute them if necessary thats it.

Not for hacking. This is for our internal work.


Well , that's almost like hacking.
For eg. suppose I ask a user to upload a photo, and then I used that path for creating a virus into the client's machine.

This is like fiddling with the System security and I bet whatever you do, this will be blocked by atleast some systems(which are more secure), until unless you are too good a hacker :wink:


I already said it is for my internal purpose, No issues Sir, seems you dont have solution for this. Will find out.
 
Vishal Shaw
Ranch Hand
Posts: 179
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sreenath Gvl wrote:
Vishal Shaw wrote:
Sreenath Gvl wrote:
Vishal Shaw wrote:If you are thinking about running a process in client's machine without notifying the client ,forget it !!! It's hacking.

Can us tell me your exact requirement? That would be a better approach.


No its not like that.

What I want is I want to get path from user where he want to create some files which will be used for this project. And I will be creating files (may be batch files) at that path and and will execute them if necessary thats it.

Not for hacking. This is for our internal work.


Well , that's almost like hacking.
For eg. suppose I ask a user to upload a photo, and then I used that path for creating a virus into the client's machine.

This is like fiddling with the System security and I bet whatever you do, this will be blocked by atleast some systems(which are more secure), until unless you are too good a hacker :wink:


I already said it is for my internal purpose, No issues Sir, seems you dont have solution for this. Will find out.


Sure, and let me know after doing it.I would be glad to learn something as interesting as this.

Just for a caution
Sreenath Gvl wrote: Is there any way like creating files, running batch files in the client machine where as java web application is deployed in some other server.


This is not possible if client and server are on different machine (like what you asked for), until you have the application registered (may be through various security certificates) on client's machine.
 
Sreenath Guduru
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Vishal Shaw wrote:
Sreenath Gvl wrote:
Vishal Shaw wrote:
Sreenath Gvl wrote:
Vishal Shaw wrote:If you are thinking about running a process in client's machine without notifying the client ,forget it !!! It's hacking.

Can us tell me your exact requirement? That would be a better approach.


No its not like that.

What I want is I want to get path from user where he want to create some files which will be used for this project. And I will be creating files (may be batch files) at that path and and will execute them if necessary thats it.

Not for hacking. This is for our internal work.


Well , that's almost like hacking.
For eg. suppose I ask a user to upload a photo, and then I used that path for creating a virus into the client's machine.

This is like fiddling with the System security and I bet whatever you do, this will be blocked by atleast some systems(which are more secure), until unless you are too good a hacker :wink:


I already said it is for my internal purpose, No issues Sir, seems you dont have solution for this. Will find out.


Sure, and let me know after doing it.I would be glad to learn something as interesting as this.

Just for a caution
Sreenath Gvl wrote: Is there any way like creating files, running batch files in the client machine where as java web application is deployed in some other server.


This is not possible if client and server are on different machine (like what you asked for), until you have the application registered (may be through various security certificates) on client's machine.



Sure. Thanks.
 
Paul Clapham
Sheriff
Posts: 21322
32
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The normal way to do it is to install something which will run in the browser and which can create those files. That's called an "applet" -- they are written in Java so probably you have heard of them.

And Vishal is right, there's a security exposure. So you can't just produce an applet and download it to the client's system and expect it to be messing about with the client's files. Ordinary applets aren't allowed to do that. You have to sign them first of all, and then the first time a signed applet runs on a client, it displays a dialog box asking if the user there is willing to trust the applet.

Now, if you were doing this for people in the general public like me or Vishal, you would want to get a certificate from one of the companies which produce those things. Signing the applet with one of those certificates then lets me or Vishal know that the company has checked you out and decided you are harmless and anyway they know where you live if you aren't. That would cost you a few hundred dollars. But it's also possible to generate your own certificate and sign your applet. If you do that, then the client will be told (in that dialog box which I mentioned) that you are using a self-signed certificate so you might not be trustworthy. But this is okay if it's for internal use within your company; the client will be told (if you do it right) that the certificate belongs to "Company X Information Technology" or whatever you put into the certificate.

This is how my company handles signed applets and it works just fine.
 
Vishal Shaw
Ranch Hand
Posts: 179
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Paul Clapham wrote:The normal way to do it is to install something which will run in the browser and which can create those files. That's called an "applet" -- they are written in Java so probably you have heard of them.

And Vishal is right, there's a security exposure. So you can't just produce an applet and download it to the client's system and expect it to be messing about with the client's files. Ordinary applets aren't allowed to do that. You have to sign them first of all, and then the first time a signed applet runs on a client, it displays a dialog box asking if the user there is willing to trust the applet.

Now, if you were doing this for people in the general public like me or Vishal, you would want to get a certificate from one of the companies which produce those things. Signing the applet with one of those certificates then lets me or Vishal know that the company has checked you out and decided you are harmless and anyway they know where you live if you aren't. That would cost you a few hundred dollars. But it's also possible to generate your own certificate and sign your applet. If you do that, then the client will be told (in that dialog box which I mentioned) that you are using a self-signed certificate so you might not be trustworthy. But this is okay if it's for internal use within your company; the client will be told (if you do it right) that the certificate belongs to "Company X Information Technology" or whatever you put into the certificate.

This is how my company handles signed applets and it works just fine.


Thanks for explaining it better :)
 
Sreenath Guduru
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Paul Clapham wrote:The normal way to do it is to install something which will run in the browser and which can create those files. That's called an "applet" -- they are written in Java so probably you have heard of them.

And Vishal is right, there's a security exposure. So you can't just produce an applet and download it to the client's system and expect it to be messing about with the client's files. Ordinary applets aren't allowed to do that. You have to sign them first of all, and then the first time a signed applet runs on a client, it displays a dialog box asking if the user there is willing to trust the applet.

Now, if you were doing this for people in the general public like me or Vishal, you would want to get a certificate from one of the companies which produce those things. Signing the applet with one of those certificates then lets me or Vishal know that the company has checked you out and decided you are harmless and anyway they know where you live if you aren't. That would cost you a few hundred dollars. But it's also possible to generate your own certificate and sign your applet. If you do that, then the client will be told (in that dialog box which I mentioned) that you are using a self-signed certificate so you might not be trustworthy. But this is okay if it's for internal use within your company; the client will be told (if you do it right) that the certificate belongs to "Company X Information Technology" or whatever you put into the certificate.

This is how my company handles signed applets and it works just fine.


Thanks a lot.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic