aspose file tools*
The moose likes Servlets and the fly likes Can a servlet/jsp write/ read files outside its context/domain ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Can a servlet/jsp write/ read files outside its context/domain ?" Watch "Can a servlet/jsp write/ read files outside its context/domain ?" New topic
Author

Can a servlet/jsp write/ read files outside its context/domain ?

RaviNada Kiran
Ranch Hand

Joined: Jan 30, 2009
Posts: 528
Can a servlet/jsp write/ read files outside its context/domain ?(A servlet loaded from some other server)??

If you want something you never had do something which you had never done
Bauke Scholtz
Ranch Hand

Joined: Oct 08, 2006
Posts: 2458
This is not dependent on JSP/Servlet. It's dependent on how the files are exposed and accessible.
RaviNada Kiran
Ranch Hand

Joined: Jan 30, 2009
Posts: 528
Bauke Scholtz , thanks for the quick reply .

Regarding this, my doubt is that will this be not a security issue (what i mean is that if i write a servelt which will be responsible to destroy the folders /delete files on to others machines)??
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61603
    
  67

You cannot write files where you do not have permission to. It's the responsibility of the administrator setting up the server to ensure that user permissions are set properly.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Bauke Scholtz
Ranch Hand

Joined: Oct 08, 2006
Posts: 2458
RaviNada Kiran wrote:Bauke Scholtz , thanks for the quick reply .

Regarding this, my doubt is that will this be not a security issue (what i mean is that if i write a servelt which will be responsible to destroy the folders /delete files on to others machines)??

Again, this "security issue" doesn't lie on JSP/Servlet, but just on the person who controls the files.

If I for instance expose my files via a public FTP with full read/write rights, then one could certainly write a java class which accesses it and deletes everything. If the FTP is not public and/or only allows read access, then the java class can't do anything. It just has the same possibilities as "in real". You've it in your hands.
RaviNada Kiran
Ranch Hand

Joined: Jan 30, 2009
Posts: 528
Thanks Bear Bibeault and Bauke , this doubt has been in my mind for a long time
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Can a servlet/jsp write/ read files outside its context/domain ?