File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Java in General and the fly likes File download link Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Java in General
Bookmark "File download link" Watch "File download link" New topic

File download link

harry flower

Joined: Aug 29, 2007
Posts: 19

I am a beginner in website development in java.
I wish to develop a website that allow users to download zip files from the web.
The zip files are stored in another FTP server (with login and password)
different from the web server.

I only know that one of the way is to add the link below in the webpage:

<A HREF="">

We can also insert login and password to this link. But there is
security issue with this solution. When user click this link,
a dialog box is displayed to prompt user whether he want to download
this file. However, on the browser status bar, it shows the the full
path of the zip file with its login and password.

Is there any other solutions to solve this problem?
It would also be good if anyone could provide some sample source codes
to solve this problem.

Thanks in advance.
Nicholas Jordan
Ranch Hand

Joined: Sep 17, 2006
Posts: 1282
Your code looks fine to me.

In general, study Servlets for what you are trying to do.

You may consider:

vvv.some.dom/file ? name=value

Servlets will make these name value pairs available ( you put the name in your code, you get the var at runtime )

It is a very developed body of code and has it's own discussion fora (Plural of forum)

At the ranch: Servlets discusses many issues you will be facing.
[ September 01, 2007: Message edited by: Nicholas Jordan ]

"The differential equations that describe dynamic interactions of power generators are similar to that of the gravitational interplay among celestial bodies, which is chaotic in nature."
harry flower

Joined: Aug 29, 2007
Posts: 19
Hi Nicholas,

Thanks for your reply. I will go through topics on Servlet.

However can I check with you what is the meaning of '?' in this URL below?
vvv.some.dom/file ? name=value

It is part of JSP or Servlet?
Nicholas Jordan
Ranch Hand

Joined: Sep 17, 2006
Posts: 1282

? is a standard that seems consistent across linguisitcs ... and is generally used in URL'S separate the file and directory and computer name stuff from other information that one may wish to transmit to the server during request / response time.

After the ? follows one or more textual sequences like passsword=whiskey+rebellion .... these name value pairs are used in Java also as Properties (configuration values managed as key/value pairs )

the plus sign replaces any spaces, the ampersand serves as a separator so that one can have several "name, value pairs" All of this is covered in html in one place or another, but servlets and JSP (Java Server Pages) bring all of this together effectively in a package that is far more likely to serve your needs than anything you can write yourself.

Core Servlets and JavaServer Pages by Marty Hall is by far the place to start, but to satisfiy you curiosity ( which is inevitable ) you can write a simple stubb that uses the string searching methods of the String class:

  • public int indexOf(int ch)
  • public int length()
  • public char charAt(int index)
  • public boolean regionMatches(int toffset, String other, int ooffset, int len)
  • (... other methods ...)

  • What you can do is sent a dummy cleartext name value pair by way of the web page that goes to the other machine, then do any real swamping locally on the machine you have control over. The strong point of doing this with Java Server Pages and Servlets is the ability to generate unique name=value pairs at runtime so that it looks on the other end like you are doing some real work ~ exercising absurd caution in never letting anything go to the machine about which you have concerns that in any way could be used effectively against the secure machine. In fact, you can literally write Java code that will run effectively at request time, bringing you the full power of Java to bear on your originally stated challenge of dealing with an insecure remote. The challenge is endemic and you should remember the greatest threat comes from within. This is normal and routine computer science, and in fact I have a team member who is formally trained on computer security and the challenge you are facing is rich with motivations to learn computer science, independent of whether you are dealing with a Rat's Nest or not.

    Folowing this viewpoint of approach to the problem, each "dummy" n/v pair is no longer a dummy, but can be recored in a ROT-13 file and if it ever shows up anwhere other than where it is supposed to, you know to start printing up resumes and investigate our certification department.

    ROT-13 is not considered encryption by computer science and is extremely weak, being breakable by beginner methods. ( some people can read ROT-13 directly with the unaided eye ). I wrote an incomplete rotator, have not even hit the compile button, let alone tested ~ this is to save you wasted hours on all-night-hair-pullers where you do not get anything done, trying to think of approaches to the application of computer science to the real world. If you have a question about it, you will have better luck in intermedtiate - then come back here for your original quesion.

    Jaculum Prudentia: Jackal Beware.

    One thing I have noted is that you will eventually need some form of char nextChar = (char) generator.nextInt() * 0x0020 + 0x007e;, but it may be awhile before you understand why: anything that makes any sense (to a human) should not be transmitted to an insecure remote> How can I prove this ? Well why do you need a password in the first place ? Passwords are a pain and nobody wants to use them. If they do, the first thing they do is put it where they can find it easily and now we have a   real mess   Someone who now is trying to do good work becomes the easy work for the person who made us need passwords in the first place.

    Soon, if you do the reading I propose, you figure out that the forms stuff you will read about has a method called hidden that will transmit name /value pairs whithout them showing up in the url. You can do all of this and more with enough reading and testing. Go post your base question in Servlets , just see what happens. Tell them I told you to so you don't get hit for cross posting and let's just see what they have to say about your question.
    [ September 04, 2007: Message edited by: Nicholas Jordan ]
    I agree. Here's the link:
    subject: File download link
    It's not a secret anymore!