tomcat-users mailing list archives

From André Warnier ...@ice-sa.com>
Subject Re: WebApps sharing uploaded files
Date Sat, 01 Oct 2011 22:30:31 GMT
Léa Massiot wrote:
> Hello André,
> 
> Thank you for your answer.
> 
> awarnier wrote:
>> You can define "uf" wherever you want, as long as Tomcat (and the
>> applications 
>> which run under it, like your JSPs) has write access to it.
>>
> 
> Actually, I already noticed and tried that and my first question is closely
> linked to my second question about "href"s... (Questions 1) and 2) aren't
> really two separate questions.)
> 
> Thank you for your two interesting suggestions:
> - creating some kind of "downloader" servlet,
> - WebDAV which I know nothing about.
> 
> This is not an academic project.
> I just made a schematic picture of the situation.
> 
Ok. Then,

- DAV is a protocol (an extension to HTTP) which allows a client to upload and download 
files to/from a webserver (and also browse webserver directories) over an HTTP connection.

  There are DAV clients available for most platforms (Windows, Mac,..).  Under Windows, 
what MS calls "web folders" is a DAV client integrated in the Windows (disk) Explorer.

- before inventing your own scheme, look around to see if there are not already 
applications which do that.  It is more complex than you may think, and there is no need 
to re-invent the wheel.

If you provide some additional details about what your application is supposed to do, 
maybe someone here can orient you to some existing application.

If you insist on creating your own application to do this, then a couple of basic notes :

Think first about security.  You are going to allow people to write to your server's 
disks, so be careful.  Everything a client sends should be considered as suspect until 
proven otherwise.
For example :
- Force clients to authenticate before they can upload files, and log what they do.
- Do not allow a client to upload files to your server wherever it wants.  For example, if
the client can specify the filename, don't allow them to specify things like
"../../../etc/passwd".
- Do not use the filename supplied by the client as a part of any command that you run on
the server, unless you are /absolutely/ sure that it is only an innocent filename.
- Upload the files to a location where Tomcat has read/write access, and /only/ Tomcat has
access.
- Make sure that there is no way that anyone can tell any program on your server to
/execute/ any uploaded file.
- better: do not use the filename that clients specify, as the filename under which you
really write the file on the server.  First, people give all kinds of silly names to
files, including spaces and other characters that can give you problems (think "& | > <"
e.g.).  Second, people will use the same name for different files, and you'll end up
overwriting stuff.
So on the server side, create your own naming scheme, and some mechanism to associate what
the client specifies as a name, with the name you are creating on the server.
(Of course then, you may also need to provide a special servlet to allow people to browse
files, and another one to allow them to delete files).
- set some limit to the size of files that anyone can upload.  Otherwise it will not take
long before someone paralyses your server (maliciously or not).
- filter the /type/ of file that clients can upload. Be restrictive : forbid everything 
/except/ the types you allow, and not the opposite.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
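
An added example, not part of the original message: a minimal Java sketch of the server-side naming scheme, size limit and type allow-list from the checklist above. The class name `UploadStore`, the 5 MB limit and the allowed extensions are assumptions chosen for illustration; authentication, logging and directory permissions are outside its scope.

```java
import java.io.*;
import java.nio.file.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
/** Hypothetical helper: stores uploads under server-chosen names only. */
public class UploadStore {
    private static final long MAX_BYTES = 5L * 1024 * 1024;                 // assumed limit
    private static final Set<String> ALLOWED = Set.of("pdf", "png", "txt"); // assumed allow-list
    private final Path root;
    // server-side name -> name the client supplied (kept as data, never used as a path)
    private final Map<String, String> displayNames = new ConcurrentHashMap<>();

    public UploadStore(Path root) throws IOException {
        this.root = Files.createDirectories(root).toRealPath();
    }

    /** Returns the server-side id under which the upload was stored. */
    public String store(String clientName, InputStream in) throws IOException {
        String ext = extensionOf(clientName);
        if (!ALLOWED.contains(ext)) throw new IOException("file type not allowed");
        String id = UUID.randomUUID() + "." + ext;   // our own naming scheme
        // Read at most MAX_BYTES + 1 so an oversized body is detected without buffering it all.
        byte[] data = in.readNBytes((int) MAX_BYTES + 1);
        if (data.length > MAX_BYTES) throw new IOException("upload too large");
        // CREATE_NEW refuses to overwrite an existing file.
        Files.write(root.resolve(id), data, StandardOpenOption.CREATE_NEW);
        displayNames.put(id, clientName);
        return id;
    }

    /** Resolves an id for download; rejects anything that was not issued by store(). */
    public Path resolve(String id) throws IOException {
        if (!displayNames.containsKey(id)) throw new IOException("unknown file id");
        return root.resolve(id);
    }

    private static String extensionOf(String name) {
        int dot = name == null ? -1 : name.lastIndexOf('.');
        return dot < 0 ? "" : name.substring(dot + 1).toLowerCase(Locale.ROOT);
    }
    public static void main(String[] args) throws IOException {
        UploadStore store = new UploadStore(Files.createTempDirectory("uf")); // constructed demo dir
        byte[] body = {1, 2, 3};                                              // constructed sample data
        String id = store.store("../../my report & notes.txt", new ByteArrayInputStream(body));
        System.out.println(id + " -> " + store.resolve(id));
        try {
            store.store("../../../etc/passwd", new ByteArrayInputStream(body));
        } catch (IOException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The client-supplied name is only ever stored as a map value for display; the path written to disk is built from a random UUID and an allow-listed extension, so "../" sequences and shell metacharacters never reach the filesystem or a command line.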

