• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Can a servlet/jsp write/ read files outside its context/domain ?

 
Ranch Hand
Posts: 528
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Can a servlet/jsp write/ read files outside its context/domain ?(A servlet loaded from some other server)??
 
Ranch Hand
Posts: 2458
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This is not dependent on JSP/Servlet. It's dependent on how the files are exposed and accessible.
 
RaviNada Kiran
Ranch Hand
Posts: 528
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Bauke Scholtz , thanks for the quick reply .

Regarding this, my doubt is that will this be not a security issue (what i mean is that if i write a servelt which will be responsible to destroy the folders /delete files on to others machines)??
 
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You cannot write files where you do not have permission to. It's the responsibility of the administrator setting up the server to ensure that user permissions are set properly.
 
Bauke Scholtz
Ranch Hand
Posts: 2458
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

RaviNada Kiran wrote:Bauke Scholtz , thanks for the quick reply .

Regarding this, my doubt is that will this be not a security issue (what i mean is that if i write a servelt which will be responsible to destroy the folders /delete files on to others machines)??


Again, this "security issue" doesn't lie on JSP/Servlet, but just on the person who controls the files.

If I for instance expose my files via a public FTP with full read/write rights, then one could certainly write a java class which accesses it and deletes everything. If the FTP is not public and/or only allows read access, then the java class can't do anything. It just has the same possibilities as "in real". You've it in your hands.
 
RaviNada Kiran
Ranch Hand
Posts: 528
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Bear Bibeault and Bauke , this doubt has been in my mind for a long time
 
I wish to win the lottery. I wish for a lovely piece of pie. And I wish for a tiny ad:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic