How can i access files which are outside webapps directory

avinash katore
Greenhorn

Joined: Jun 30, 2010
Posts: 2
Give me some code or trick so that I can get access or I can give a link to those files.

The problem is my project directory is on the E:\ drive and I have a file on the C:\ drive.

I am using <a href="C:\new.txt"> to access it through my project, but it won't create a link to that file.

Is there any idea to gain access to that file?

thanks in advance
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

You're using Windows so you can't use soft links, but is there a way to do that in Win7?
You can create a piping servlet to open the local stream and pump to the servlet output, but this is not the preferred option.
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

David O'Meara wrote: You can create a piping servlet to open the local stream and pump to the servlet output, but this is not the preferred option.

Why not? That's pretty much how most apps send non-app-relative data to clients, isn't it?
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

I was referring to the security implication of having a servlet, e.g. /context/FileAccessor/*, that returns files by converting the '*' to a location relative to (for example) C:\work.
If you blindly allow access to files such as /context/FileAccessor/../boot.ini or password files, you could compromise your system.
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

Oh, gotcha; yeah, that'd be bad :)
Rahul Nair
Ranch Hand

Joined: Dec 01, 2007
Posts: 138

Hi,

Thank you very much for sharing such a gotcha... Sorry to say, but it would be far better if you could please elaborate on it more...

If a user has some boot.ini or password files available in this path, then they will be easier to read... and the secret details will be readable...
Is it like that?

Thanks

Rahul
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

If you take 'any' path from the request and convert it into a path on your local system, it would potentially allow malicious users to read files that you do not want them to access. Containers like Tomcat protect against resources being read from outside the application, but once you allow this (as you are requesting) then you are now responsible for ensuring this doesn't happen.
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

@Rahul: you haven't really explained your complete requirements. If you're trying to access a file of a known name (like the name is stored in the database as part of a file upload process, for example) then just create the complete file path by supplying the root directory of the uploads and the name of the file stored in the DB. If people are typing in the filename portion then make sure there are no relative directory elements ("..").

Much more beyond that and we'd need to know what you're actually trying to do.
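
The check the replies above describe (resolve the requested name against a fixed root directory and refuse anything that lands outside it), as an added Java example that is not code from any poster in this thread. The class name `SafeFileResolver`, the sample directory layout and the file contents are assumptions made for illustration; in a servlet, `send` would be called with `request.getPathInfo()` and `response.getOutputStream()`.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafeFileResolver {
    private final Path root;

    public SafeFileResolver(Path root) throws IOException {
        this.root = root.toRealPath();   // canonical served directory, links resolved
    }

    /** Maps the request's path info to a regular file under root, or throws. */
    public Path resolve(String pathInfo) throws IOException {
        if (pathInfo == null || pathInfo.indexOf('\0') >= 0) {
            throw new SecurityException("bad path");
        }
        // Treat both separators alike and drop leading slashes so the
        // value is always interpreted relative to the served directory.
        String relative = pathInfo.replace('\\', '/').replaceAll("^/+", "");
        Path candidate = root.resolve(relative).normalize();   // collapses ".."
        Path real = candidate.toRealPath();   // follows links; throws if missing
        // Path.startsWith compares whole path elements, so C:\workshop
        // does not count as being inside C:\work.
        if (!real.startsWith(root) || !Files.isRegularFile(real)) {
            throw new SecurityException("outside served directory");
        }
        return real;
    }

    /** The "piping" step: copy the validated file to the response stream. */
    public void send(String pathInfo, OutputStream out) throws IOException {
        Files.copy(resolve(pathInfo), out);
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/work/new.txt is served, <tmp>/boot.ini is not.
        Path tmp = Files.createTempDirectory("demo");
        Path work = Files.createDirectory(tmp.resolve("work"));
        Files.write(work.resolve("new.txt"), "hello".getBytes());
        Files.write(tmp.resolve("boot.ini"), "secret".getBytes());
        SafeFileResolver r = new SafeFileResolver(work);
        for (String p : new String[] {"/new.txt", "/../boot.ini", "/sub/../../boot.ini"}) {
            try {
                System.out.println(p + " -> " + r.resolve(p));
            } catch (SecurityException | IOException e) {
                System.out.println(p + " -> rejected (" + e.getClass().getSimpleName() + ")");
            }
        }
    }
}
```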
 
 