aspose file tools*
The moose likes Servlets and the fly likes Where to place uploaded file securely in jsp and servlet file sharing web application? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Where to place uploaded file securely in jsp and servlet file sharing web application?" Watch "Where to place uploaded file securely in jsp and servlet file sharing web application?" New topic
Author

Where to place uploaded file securely in jsp and servlet file sharing web application?

Param Ganak
Greenhorn

Joined: May 09, 2012
Posts: 3
Hello Friends!
I want to develop a file sharing web application. Whose functionality is something as follows.
1. User logs in to my web site.
2. Fills a form regarding file description and give local path to the files they want to upload.
4. After submitting the form the web application will creates a directory in given fix common directory location and stores the file in it.
3. A fix directory location is available to my web application either in hard coded way or using web.xml file in which it will be set either using context or config parameters which will be decided later.
4. The file size may vary from few MB's to few hundred MB's. File types may be image file, pdf file, or office files.
5. I don't want to store these files in database tables.
6. Whenever user want to see these files he will get the list of file names on a page. User need to click on the link of file name so that respective file will be visible in his browser.

My question are as follows

1) Where to store these uploaded files on server very securely as per standards?
As I want to put these files on server securely so that nobody can access these files by bookmarking the url to these files or without loging in to my site.
Most of the times the files are uploaded to a specified directory which is located in web application directory on web server which looks very suitable to my requirements.
But main issue with this approach is that whenever I will going to redeploy my application the files in this directory will be deleted.

Please guide me friends where do I put the files securely and make available to user for view them easily?
Thank You!
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42276
    
  64
That's easy: use a directory that's outside of the webapps directory. That way it's not accessible directly, and won't get removed if your web app is undeployed. You can still configure the path in web.xml if you want.


Ping & DNS - my free Android networking tools app
Param Ganak
Greenhorn

Joined: May 09, 2012
Posts: 3
Ulf Dittmer wrote:That's easy: use a directory that's outside of the webapps directory. That way it's not accessible directly, and won't get removed if your web app is undeployed. You can still configure the path in web.xml if you want.


Thanks for your reply!

My few queries are as follows
1) What happen when my web server is changed?
2) My application will be get hosted on a third party hosting and not on my own server in this case does that hosting company will going to allow me to maintain a separate folder outside my web application directory? In this case is this approach is secure so that no other will access my files without my application?

Thank You!
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16141
    
  21

1. A data file directory is a data file directory. I could delete my webapp servers entirely, but that wouldn't affect the data file directories I use.

2. It's impossible to say on this one, since it depends on how much of the client OS a given ISP will give you direct access and control over. The ones I use allow me to do anything up to and including installing my own OS software packages, but the less expensive ones may not be as generous.


Customer surveys are for companies who didn't pay proper attention to begin with.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Where to place uploaded file securely in jsp and servlet file sharing web application?