Way to handle security issue

Discussion in 'Javascript' started by Tod, May 13, 2005.

  1. Tod

    Tod Guest

    Pardon my newbieness. (And try not to laugh to hard.)

    I have a intranet site that allows users to log in and get excel
    reports. The user clicks the name of the report and it opens it from a
    folder for that user. Easy enough. The problem is that the path of the
    folder for that user is displayed in the Status Bar when it is being
    downloaded. I've discovered that users are grabing that path, changing
    the folder name, and can then access other folders. I don't want that
    to happen. (You can already tell I'm new at this, can't ya')

    My first idea was to hide or alter the URL. Not a good idea it seems.
    My next idea was to grant access at the folder level. But there are
    several dozen folders. That would be an admin nightmare.

    Somebody more knowledgable that I must know how to do this.

    tod
     
    Tod, May 13, 2005
    #1
    1. Advertising

  2. Tod

    kaeli Guest

    In article <>,
    enlightened us with...
    > My next idea was to grant access at the folder level. But there are
    > several dozen folders. That would be an admin nightmare.


    Yes, but it's generally the way it's done for file sharing.
    Put all the folders they should access in one folder and grant to that one.
    What do you care if they nevigate folders they're already allowed to view by
    typing in a URL?

    >
    > Somebody more knowledgable that I must know how to do this.


    You could stream the file from a server-side process.
    The URL would be the URL for the server-side script. The script would take a
    filename as a param, then stream it to the user. Standard file download stuff
    instead of linking to a file.
    Requires server-side scripting, though, such as java servlets or .net.

    --
    --
    ~kaeli~
    Why do they lock gas station bathrooms? Are they afraid
    someone will clean them?
    http://www.ipwebdesign.net/wildAtHeart
    http://www.ipwebdesign.net/kaelisSpace
     
    kaeli, May 13, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dietrich
    Replies:
    1
    Views:
    649
    Joe Smith
    Jul 22, 2004
  2. Tom Ewall
    Replies:
    1
    Views:
    549
    JScoobyCed
    Aug 17, 2004
  3. Leon
    Replies:
    2
    Views:
    537
  4. =?ISO-8859-1?Q?KLEIN_St=E9phane?=
    Replies:
    3
    Views:
    454
    hanumizzle
    Oct 6, 2006
  5. Replies:
    6
    Views:
    286
    =?ISO-8859-1?Q?Arne_Vajh=F8j?=
    Oct 14, 2007
Loading...

Share This Page