Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Javascript > Way to handle security issue

Reply
Thread Tools

Way to handle security issue

 
 
Tod
Guest
Posts: n/a
 
      05-13-2005
Pardon my newbieness. (And try not to laugh to hard.)

I have a intranet site that allows users to log in and get excel
reports. The user clicks the name of the report and it opens it from a
folder for that user. Easy enough. The problem is that the path of the
folder for that user is displayed in the Status Bar when it is being
downloaded. I've discovered that users are grabing that path, changing
the folder name, and can then access other folders. I don't want that
to happen. (You can already tell I'm new at this, can't ya')

My first idea was to hide or alter the URL. Not a good idea it seems.
My next idea was to grant access at the folder level. But there are
several dozen folders. That would be an admin nightmare.

Somebody more knowledgable that I must know how to do this.

tod

 
Reply With Quote
 
 
 
 
kaeli
Guest
Posts: n/a
 
      05-13-2005
In article <(E-Mail Removed) .com>,
http://www.velocityreviews.com/forums/(E-Mail Removed) enlightened us with...
> My next idea was to grant access at the folder level. But there are
> several dozen folders. That would be an admin nightmare.


Yes, but it's generally the way it's done for file sharing.
Put all the folders they should access in one folder and grant to that one.
What do you care if they nevigate folders they're already allowed to view by
typing in a URL?

>
> Somebody more knowledgable that I must know how to do this.


You could stream the file from a server-side process.
The URL would be the URL for the server-side script. The script would take a
filename as a param, then stream it to the user. Standard file download stuff
instead of linking to a file.
Requires server-side scripting, though, such as java servlets or .net.

--
--
~kaeli~
Why do they lock gas station bathrooms? Are they afraid
someone will clean them?
http://www.ipwebdesign.net/wildAtHeart
http://www.ipwebdesign.net/kaelisSpace

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Package to handle table text render (handle space or tab betweenthe columns) ? =?ISO-8859-1?Q?KLEIN_St=E9phane?= Python 3 10-06-2006 08:46 AM
Possible to handle web requests without an ASPX page? i.e. have DLL handle request. jdlwright@shaw.ca ASP .Net 2 05-31-2005 05:42 PM
how to handle command line output(not terminal handle) Leon Python 2 11-04-2004 05:16 AM
File Handle Reading Blues: Rereading a File Handle for Input Dietrich Perl 1 07-22-2004 10:02 AM
IT-Security, Security, e-security COMSOLIT Messmer Computer Support 0 09-05-2003 08:34 AM



Advertisments