I am a beginner in website development in Java. I wish to develop a website that allows users to download zip files from the web. The zip files are stored in another FTP server (with login and password) different from the web server.
I only know that one of the ways is to add the link below in the webpage:
We can also insert login and password to this link. But there is a security issue with this solution. When the user clicks this link, a dialog box is displayed to prompt the user whether he wants to download this file. However, on the browser status bar, it shows the full path of the zip file with its login and password.
Are there any other solutions to solve this problem? It would also be good if anyone could provide some sample source code to solve this problem.
? is a standard that seems consistent across linguistics ... and is generally used in URLs to separate the file and directory and computer name stuff from other information that one may wish to transmit to the server during request / response time.
The plus sign replaces any spaces, the ampersand serves as a separator so that one can have several "name, value pairs". All of this is covered in HTML in one place or another, but servlets and JSP (Java Server Pages) bring all of this together effectively in a package that is far more likely to serve your needs than anything you can write yourself.
Core Servlets and JavaServer Pages by Marty Hall is by far the place to start, but to satisfy your curiosity (which is inevitable) you can write a simple stub that uses the string searching methods of the String class:
public int indexOf(int ch)
public int length()
public char charAt(int index)
public boolean regionMatches(int toffset, String other, int ooffset, int len)
(... other methods ...)
What you can do is send a dummy cleartext name value pair by way of the web page that goes to the other machine, then do any real swamping locally on the machine you have control over. The strong point of doing this with Java Server Pages and Servlets is the ability to generate unique name=value pairs at runtime so that it looks on the other end like you are doing some real work ~ exercising absurd caution in never letting anything go to the machine about which you have concerns that in any way could be used effectively against the secure machine. In fact, you can literally write Java code that will run effectively at request time, bringing you the full power of Java to bear on your originally stated challenge of dealing with an insecure remote. The challenge is endemic and you should remember the greatest threat comes from within. This is normal and routine computer science, and in fact I have a team member who is formally trained on computer security and the challenge you are facing is rich with motivations to learn computer science, independent of whether you are dealing with a Rat's Nest or not.
Following this viewpoint of approach to the problem, each "dummy" n/v pair is no longer a dummy, but can be recorded in a ROT-13 file and if it ever shows up anywhere other than where it is supposed to, you know to start printing up resumes and investigate our certification department.
ROT-13 is not considered encryption by computer science and is extremely weak, being breakable by beginner methods (some people can read ROT-13 directly with the unaided eye). I wrote an incomplete rotator, have not even hit the compile button, let alone tested ~ this is to save you wasted hours on all-night-hair-pullers where you do not get anything done, trying to think of approaches to the application of computer science to the real world. If you have a question about it, you will have better luck in intermediate - then come back here for your original question.
Jaculum Prudentia: Jackal Beware.
One thing I have noted is that you will eventually need some form of char nextChar = (char) generator.nextInt() * 0x0020 + 0x007e;, but it may be awhile before you understand why: anything that makes any sense (to a human) should not be transmitted to an insecure remote. How can I prove this? Well, why do you need a password in the first place? Passwords are a pain and nobody wants to use them. If they do, the first thing they do is put it where they can find it easily and now we have a real mess. Someone who now is trying to do good work becomes the easy work for the person who made us need passwords in the first place.
Soon, if you do the reading I propose, you figure out that the forms stuff you will read about has a method called hidden that will transmit name/value pairs without them showing up in the URL. You can do all of this and more with enough reading and testing. Go post your base question in Servlets, just see what happens. Tell them I told you to so you don't get hit for cross posting and let's just see what they have to say about your question. [ September 04, 2007: Message edited by: Nicholas Jordan ]
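
An added example, not part of either post above: one way to keep the FTP login out of the page and the status bar is to have a servlet on the web server fetch the zip file and stream it to the browser, so the link the user sees is only `/download?file=report.zip`. The servlet name, the `file` parameter, the `/zips/` directory and the `FTP_HOST`, `FTP_USER` and `FTP_PASS` environment variables are assumptions made for this sketch.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServlet;   // jakarta.servlet.http on newer containers
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical servlet, mapped to e.g. /download?file=report.zip */
public class ZipDownloadServlet extends HttpServlet {
    // Accept only a bare name ending in .zip: no slashes, extra dots or URL metacharacters.
    private static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9_-]{1,64}\\.zip");

    // Assumed configuration: read from the web server's environment, never sent to the browser.
    private static final String FTP_HOST = System.getenv("FTP_HOST");
    private static final String FTP_USER = System.getenv("FTP_USER");
    private static final String FTP_PASS = System.getenv("FTP_PASS");

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String name = req.getParameter("file");
        if (name == null || !SAFE_NAME.matcher(name).matches()) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid file name");
            return;
        }
        try (InputStream in = openFtp(name)) {
            resp.setContentType("application/zip");
            resp.setHeader("Content-Disposition", "attachment; filename=\"" + name + "\"");
            in.transferTo(resp.getOutputStream());   // Java 9+; streams without holding the whole file
        } catch (IOException | URISyntaxException e) {
            // Log server-side only; the browser gets a generic error with no FTP details.
            log("FTP fetch failed for " + name + ": " + e.getClass().getSimpleName());
            if (!resp.isCommitted()) {
                resp.sendError(HttpServletResponse.SC_BAD_GATEWAY, "download unavailable");
            }
        }
    }

    // Builds the ftp:// URL on the server; the URI constructor quotes characters
    // that are not legal in the user-info part. ";type=i" requests binary transfer.
    private static InputStream openFtp(String name) throws IOException, URISyntaxException {
        URI uri = new URI("ftp", FTP_USER + ":" + FTP_PASS, FTP_HOST, -1,
                          "/zips/" + name + ";type=i", null, null);
        return uri.toURL().openStream();
    }
}
```

The file name check matters as much as hiding the password: without it, the `file` parameter would let a visitor ask the servlet for any path the FTP account can read.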