 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / General / February 2007Force browser to open a file (rather than save/open/cancel)
Hi! Im using jsp, and tomcat, what I am trying to is have some file security. The main goal for me is to dissallow users from downloading the setup exe directly to their computers, instead I would like to is force them to actually open the file (therefore running the setup.exe). does anyone have any ideas? .. > Im using jsp, and tomcat, what I am trying to is have some file > security. Remove all files from the public directories. > The main goal for me is to dissallow users from downloading the setup > exe directly to their computers, instead I would like to is force Forcing the user to do anything, is a lost cause. >...them > to actually open the file (therefore running the setup.exe). > > does anyone have any ideas? Change your strategy. Did this have something to do with Java? Andrew T. > The main goal for me is to dissallow users from downloading the setup > exe directly to their computers, instead I would like to is force them > to actually open the file (therefore running the setup.exe). > > does anyone have any ideas? Let the users enter their address. You travel to the user, put in the CD into the drive and install the stuff you want using setup.exe on the CD. Regards, Lothar  SignatureLothar Kimmeringer E-Mail: spamfang@kimmeringer.de PGP-encrypted mails preferred (Key-ID: 0x8BC3CD81) Always remember: The answer is forty-two, there can only be wrong questions! > Hi! > > Im using jsp, and tomcat, what I am trying to is have some file > security. No, what you're trying to do is impinge on the security of other people. > The main goal for me is to dissallow users from downloading the setup > exe directly to their computers, instead I would like to is force them > to actually open the file (therefore running the setup.exe). > > does anyone have any ideas? Get the users to submit their location, go around with the installer on CD, run it, then clean their memory, paging file, and any cache locations in windows, or they might retrieve the exe. This is a really silly request. Why on earth do you want to do this? All I can think of is that you're trying to install malware on people's computers from a webpage. > > Hi! > [quoted text clipped - 16 lines] > I can think of is that you're trying to install malware on people's > computers from a webpage. No, actually I think I see what he wants to do. Suppose he has a product - an application that he is selling on the web. He wants people to be able to pay for that product, then after the transaction they are allowed to run the setup program, which installs the program on the local computer. What he does not want is for the purchaser to get a copy of the setup program that could then be used to install the program on multiple computers. Not likely to work well with a java based product, as unlike typical MSWindows programs Java doesn't usually litter files all over the hard drive. But, he is using jsp as the page technology and is interested in how to allow a user to run a program from the server without downloading it - in effect, like streaming audio rather than allowing the user to download the MP3. > No, actually I think I see what he wants to do. Suppose he has a > product - an application that he is selling on the web. He wants [quoted text clipped - 10 lines] > downloading it - in effect, like streaming audio rather than allowing > the user to download the MP3. This sort of thing is done with JEE all the time - it's called "Service-Oriented Architecture" and "portals". The degree of difficulty is influenced by one's degree of ownership of the services provided. Extremely exogenous processes may require screen scraping, or even manual intervention; nepotistic services could share resources directly. - Lew >>> Hi! >>> Im using jsp, and tomcat, what I am trying to is have some file [quoted text clipped - 20 lines] > get a copy of the setup program that could then be used to install the > program on multiple computers. Right, I can imagine him wanting that... I just don't think it's very realistic. It reminds me of people asking, "How can I put images on a web page but stop people from downloading them?" - ultimately, you can't. If you can see it, you've downloaded it in some form. Methods of hiding/obfuscating the information exist (e.g. image-viewing flash movies that download the info in a non-standard format, descramble it, then show it in the browser), and they can work to a certain extent. But ultimately, if you put the info out there on a web page, the user can get the information. A more common way of doing it is the requiring of a license key for the software to run... but in the end, same problem: the information is in the end-users hands. They can mangle it and prod it and edit it and disable protection, etc. Obviously not trivial to do for exes, but crackers do that sort of stuff.... > Not likely to work well with a java based product, as unlike typical > MSWindows programs Java doesn't usually litter files all over the hard > drive. Sorry, not quite sure what you mean there.... What is it that won't work well with a Java product? > But, he is using jsp as the page technology and is interested > in how to allow a user to run a program from the server without > downloading it - Well, web applications are running on the server side, not the client, so that is one solution, but it's not a native .exe, obviously. The user just can't run a program on their own computer with downloading it somehow, in some form. > in effect, like streaming audio rather than allowing > the user to download the MP3. Streaming audio is in effect actually just downloading an audio file (but playing the file as it goes along and not saving it to the local disk). There's a stream setup protocol on top (e.g. RTSP for streaming video) that to some degree hides where the actual file/data is. But if you know the protocols you can usually locate the actual file and download it by using wget or curl on the command line, or just pasting the actual file's url in your browser, then hitting 'save' if you are offered the option. > >>> Hi! > >>> Im using jsp, and tomcat, what I am trying to is have some file [quoted text clipped - 64 lines] > the actual file's url in your browser, then hitting 'save' if you are > offered the option. When I said it may not work for java apps, what I was referring to is that Windows apps tend to get littered around the hard drive, with parts in system directories as well as the application directory, and entries in the registry to put it all together. It is therefore hard to just zip up a directory and send it to a friend so they can use the program to. Java is much better behaved, but that also means that it is easier to zip up a directory and send it to a friend and have the application work on their system. So, a protection scheme that depends on one time use of an installer is not as likely to work. Once the installer sets up the application directory and places the files, that directory can be zipped and sent to a friend. So, AT's suggestion to change the approach seems best. > When I said it may not work for java apps, what I was referring to is > that Windows apps tend to get littered around the hard drive, with [quoted text clipped - 11 lines] > > So, AT's suggestion to change the approach seems best. Ah I see, thanks for clarifying. Yup, change of approach seems good. lex > The main goal for me is to dissallow users from downloading the setup > exe directly to their computers, instead I would like to is force them > to actually open the file (therefore running the setup.exe). ... and when they run it, where do you think they run it FROM? Look up "Temporary Internet Files". tiewknvc9 schrieb: > Hi! > [quoted text clipped - 4 lines] > exe directly to their computers, instead I would like to is force them > to actually open the file (therefore running the setup.exe). Simple answer: you can't. The browser sends an HTTP request to your web-server which in turn answers with an HTTP response. This response contains (aside other information like status and headers) your setup.exe. Even if there were headers which describe your concern, they only can ask the client to do what you like... IOW: A browser may not consider your request to open the file. Bye Michael > IOW: A browser may not consider your request to open the file. Hmm, I think it should be 'might not' instead of 'may not'... Bye Michael > > IOW: A browser may not consider your request to open the file. > > Hmm, I think it should be 'might not' instead of 'may not'... ;-) Hopefully the browser /would/ not -- if a website can force a browser to run a program without the user having the chance to save it to a safe location for virus-checking (etc) then that browser is /badly/ broken... -- chris Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.