Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
Win a copy of Kotlin for Android App Development this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Devaka Cooray
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Junilu Lacar
  • Paul Clapham
  • Knute Snortum
Saloon Keepers:
  • Ron McLeod
  • Tim Moores
  • Stephan van Hulst
  • salvin francis
  • Carey Brown
Bartenders:
  • Tim Holloway
  • Frits Walraven
  • Ganesh Patekar

Enquires about the possibility of running script to write files to web server  RSS feed

 
Ranch Hand
Posts: 91
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dear all,

I am programmer and now writing some java code to write the content to the web server folder.
I have the enquires about the possibility of writing contents to a file to web server if hacker is using jsp with ajax by firefox.
As you know that firefox allows to change the html content or javascripts or ajax of the web page and do post.
 
Saloon Keeper
Posts: 5235
143
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
(I have moved this discussion to the servlets forum, because JSPs should not do any I/O, or contain any Java code to begin with.)

Because it is possible to tamper with client-side requests (with any client, not just Firefox), any data arriving at the server needs to be validated. If that is done properly, nothing should get saved (or written to a file) that is not authorised. So what you describe sounds like faulty server-side coding, possibly a lazy developer only performing client-side validation - which any web security tutorial will tell you is inadequate.
 
All of the world's problems can be solved in a garden - Geoff Lawton. Tiny ad:
RavenDB is an Open Source NoSQL Database that’s fully transactional (ACID) across your database
https://coderanch.com/t/704633/RavenDB-Open-Source-NoSQL-Database
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!