How to restrict user access the file on the HTTP Server? - html

I'm writing a web application that allow user upload their files on the app. The file will be uploaded on the HTTP Server, after the user click the "upload" button. The user can receive the file by getting the file from the path.... ...for example: http://www.demo.com/user/abc/download/the_file.jpg
but I found that all the people can access this file using the path. How can I do, or is there a better way to manage the file that only registered user or the file owner can download the file?

Serving a file directly within a script is not an option because of performance issues and it's not really possible to serve BIG files because of memory limits.
The best option is to use the Apache module mod_xsendfile. The idea is to redirect all requests to a
PHP/Perl/Python script which will just set a HTTP header saying "Hey Apache, serve this file instead" and mod_xsendfile will take care of it.
And the client will never be able to download the file without this authentication.

If using something like apache httpd, you can use .htaccess files and have directories that are provisioned to users or groups if you want the user to continue accessing files at a path on the filesystem.
If you lock down the directory and have a script to manage file delivery, you can check permissions in the script and give the user the file requested or a 403.
I tend to use the script approach as it gives me more control over how the permissions are managed and more complex access scenarios.

Related

Upload css and html saved in a folder to host server

I'm new to programming generally. I have typed my css and html codes and saved in a folder. How do i upload this site to a host server. Thanks
Welcome.
To upload the files to your hosted server, you would need to use a FTP program ( File Transfer Protocol). A good free one to use would be filezilla, which a quick google search will come up for you.
Once you have downloaded filezilla you will need your server FTP settings, which you can find on your Hosted servers control panel. (They generally get you to create a username and password) you would need the FTP setting and Port with your login details, to be able to log in and start uploading your files.
One thing to be careful of, is the URL links for images/pages etc, as they may be different than if they were on your local machine.
You can use FTP (file transfer protocol) to achieve this. Download a free FTP client such as FileZilla, input your hostname and login information, and then you simply navigate to your desired server location and drag and drop.
You can read more about FTP here
https://en.m.wikipedia.org/wiki/File_Transfer_Protocol
Usually we have FTP (file transfer protocol) to send data to the server.
Softwares like Filezilla, for example, can connect and handle server's directories and files the way you want.
Anyway, you need to check the available services with your hosting service.

Chrome extension/app write and read from local directory without user interaction

I'm developing a management app and extension and what I need to do now is manage a local directory in Chrome OS. I will download/edit/remove by server.
I've tried to use API localStorage, but it prompts the user to select directory.
I've also tried the downloads API, I can download the files and delete them, but I can't edit or see what's in the directory.
Is there any other way I can do it?
Thanks
The user needs to select the directory once and you need to have {"fileSystem":["write","directory","retainEntries"]} permission in the manifest. The directory only needs to be selected once. There is no workaround for this.

How to upload file directly from a server to Google Drive using the Google Drive API?

Suppose I want to write a tool which allows the user to copy a file from Dropbox to Google Drive but I don't want to download the file first to my server and then upload it to the drive. Is there a way where I can insert a file to drive by just providing a URL? I couldn't find anything in the documentation.
No.
Having said that, it isn't necessary to create a file on your server. You can buffer the content in memory.
I suppose you could send the access token to the client via a POST request. You'd have to encrypt it, of course, preferably SSL. Then the client could use the Drive SDK to upload the file directly from itself, completely bypassing your server.

viewing a local pdf file in google chrome packaged apps

In my packaged app I would like to open pdf's stored in local filesystem. I've managed to open them if I select them using chrome.fileSystem.chooseEntry, but I can't find a way to do the same if the filesnames are hard coded.
The idea behind is an app that manages book information and allows to open them if they are stored in the local filesystem. Thanks a lot!
This can't be done, for good reason. Packaged apps have a security model based on the open web. Web pages can't access your local files without your permission (i.e., without a "user gesture" or a specific user action such as going through a file chooser), and packaged apps have the same restriction.
You could import local files (again using a user gesture) into the HTML5 file system, or into chrome.syncFileSystem. Then you'd have gestureless access to the imported copies. Likewise, you could export from either of those file systems to the local file system, again with a user gesture. But the boundary between local files and your app's access to them is meant to be loud and explicit.

How to force the download a file from a network share rather than editing the file there

I have a web page that is hosted in our local network. On my page I have a link to a document. The document is linked to a network share. If the user opens the file, edits it and then goes to save the file it overwrites what is on the share. When opening the file I want the user to download the file, so when they come to save it they do not have the option to save it back. How could I go about doing this?
Server side I have access to asp.
You need to create a link which when clicked, streams the contents of the file to the browser, rather than having a link to the files actual location. If you do this the user will be prompted to save the file somewhere locally.
I am not at my PC currently so cannot get you an example piece of code, but you need to send the response with the content type set appropriately. Look in to mime types for a pointer in the right direction.
The term "download" is misunderstood here. When we open windows explorer and copy a file from a network share to our local machine don't think it terms of "downloading" it, we are just copying it. To "download" usually refers to access some resource outside of our local network and pulling that resource into that network.
Hence to achieve your aim you need to convince the client that is not accessing a file that is a local network resource. You can do this by adding a Virtual Folder to the IIS site that points the appropriate folder in the network share. Change the URL to use a "http:" protocal pointing at the virtual folder in your site.
Now the users will get the file from your website rather than accessing it as a normal file on the network.
You can stream the file through a webpage to download the file instead of opening a network share.
See this for an example:
http://support.microsoft.com/kb/276488
You can also share a directory through your web server by enabling directory browsing.
IIS 6: http://blog.crowe.co.nz/archive/2006/03/18/603.aspx
IIS 7: http://technet.microsoft.com/en-us/library/cc731109(WS.10).aspx