Access (Read and Write) Local File/Directory from Browser - scripting

I know it's not possible to access a local file/directory via scripting because of security reasons, but maybe there exists a way to access a local file/directory, like via a browser plugin or some module (*.exe files) that can send data from a local directory to the browser, etc.
Please note I'm not talking about file:///* but read/write access to local directories/files. Please share your experience and idea(s) on the number of possibilities to achieve this goal.

Related

Copy files to local drive that requires different credentials

I've seen a lot of answers on copying files that use code to set a network share, with credentials, to copy to somewhere else. However, I need a solution that will allow a user to copy from a network share they already have access to, to a local drive they don't have access to.
We run RDS servers and have locked down direct access to the local C:/ drive on the servers. We have been given a 3rd party program that needs to read data files that must be stored in a fixed path on the C:/ drive. These data files are updated once a month. Our users have read access but we do not want to give them direct write access to the root C:/ drive.
I need to write a piece of vb.net, or command line code in a .bat file, that will copy files to the local C:/ whilst providing the details of a service account to provide the access.
As mentioned, I've seen a lot about setting up a mapping to a shared folder and passing creds; however, we don't want to set the C:/ as a mapped shared drive in this instance.
You don't want the user having access to the C drive in general. Is there any particular reason the permissions on the particular subfolder the files are going to can't have overriding permissions to allow writing to just that folder?
If that will not work, the first thought that comes to mind is having a helper program that can be run under a different user that does have that access. Set up an intermediate folder the user can write to; the program that they can launch drops the files into a folder they have access to. The helper program watches for files in the intermediate folder and moves them to where they need to be.
Setup would need to include adding a user that does have access to both locations, and then adding to task manager to launch the helper program under that other user at login.
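
A sketch of the helper described in the answer above, as an added example that is not part of the original answer: one pass over the user-writable intermediate folder, meant to be run repeatedly by a scheduled job under the account that can write to the protected folder. Because that account has more rights than the users filling the drop folder, the pass only moves regular files whose names match an expected pattern; the `.dat` naming scheme, the size limit and the function name `process_drop` are assumptions.

```python
import os
import re
import shutil
from pathlib import Path

# Assumptions for this sketch: monthly data files are named like
# "prices_2024.dat" and are never larger than 50 MiB.
ALLOWED_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.dat$")
MAX_BYTES = 50 * 1024 * 1024
OPEN_FLAGS = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0) | getattr(os, "O_BINARY", 0)


def process_drop(drop_dir, dest_dir):
    """Move vetted files from the drop folder to the protected folder.

    Returns (moved, rejected) lists of file names. Rejected entries are
    left in place for an administrator to inspect.
    """
    dest = Path(dest_dir)
    moved, rejected = [], []
    for entry in sorted(os.scandir(drop_dir), key=lambda e: e.name):
        vetted = (
            ALLOWED_NAME.match(entry.name) is not None
            and entry.is_file(follow_symlinks=False)  # no links, no directories
            and entry.stat(follow_symlinks=False).st_size <= MAX_BYTES
        )
        if not vetted:
            rejected.append(entry.name)
            continue
        tmp = dest / (entry.name + ".part")
        try:
            # O_NOFOLLOW (where available) refuses a link swapped in after the check.
            fd = os.open(entry.path, OPEN_FLAGS)
            with os.fdopen(fd, "rb") as src, open(tmp, "wb") as out:
                shutil.copyfileobj(src, out)
        except OSError:
            rejected.append(entry.name)
            continue
        os.replace(tmp, dest / entry.name)  # publish the complete file in one step
        os.unlink(entry.path)
        moved.append(entry.name)
    return moved, rejected
```

The destination name is taken only from the vetted file name, so nothing a user places in the drop folder can steer the write outside the protected folder.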

NTFS vs. File Share

In helping out a friend with a few questions for CS, I came across one that I had no prior experience with and was hoping someone would be able to clarify the difference between NTFS and File Share for me.
To help, the question we faced was:
A folder storing a faculty member’s personal documents is set as a share to which everyone has full access. The only person with NTFS permissions on the folder is said faculty member. Can everyone else access the documents?
I appreciate any clarification you can provide. I'd love your help in learning about this!
Short answer: No.
In Windows each file and directory has an ACL controlling access to it.
Each file share also has an ACL controlling access to the share.
When you access a remote file through a share you are doing so using the credentials used to log in to the local computer. (You can connect using different credentials by entering a username/password when connecting.)
The remote computer tests the supplied credentials against the ACL on the share.
Once you are past that, then every file you attempt to access on the remote machine through this connection will be checked using your credentials against the ACL on the file and the share. This allows a file share to offer more restricted access to some files than if the same user were to attempt to access them locally. (So you could share files as read-only, even if the ACLs on the files themselves would allow that user write access.)
If the file share is of a FAT file system then the only ACL checking that is done is against the file share itself because FAT doesn't support ACLs.
When computers are not in a domain and all user accounts are local user accounts, then permissions are maybe not what you expect. Unlike Unix/Linux, it is generally not possible to create the same user account (uid) on two computers because Windows basically uses a GUID for the UID (a big random number). So when you attempt to look at file owner or ACL information on remote files, since those files are all owned by local accounts on the remote computer, to your local computer those UIDs will not be recognized (see dir /q from the command line).
Windows can be set up to make non-domain file sharing a little easier. It can be set so that when you attempt to access the remote file share, as long as the remote computer has an account with the same username and password as the local computer, then the connection is allowed -- and you are logged into the remote computer using the remote computer user's account.
For reference, see information on NTLM, SMB and NETBIOS.
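
The rule in the answer above, as an added example that is not part of the original answer: a simplified Python model in which access through a share is the intersection of the share ACL and the NTFS ACL, local access uses the NTFS ACL alone, and a FAT volume behind a share is governed by the share ACL alone. The `Access` flags, the principal names and the deny-over-allow evaluation are assumptions of this sketch, not the Windows access-check API.

```python
from enum import Flag


class Access(Flag):
    NONE = 0
    READ = 1
    WRITE = 2
    CHANGE_PERMS = 4
    FULL = 7


def granted(acl, principals):
    """Rights one ACL grants to a logon.

    acl: list of (kind, principal, Access), kind is "allow" or "deny".
    principals: the user's name plus every group the user belongs to.
    Simplification: any matching deny entry beats any allow entry.
    """
    allow = deny = 0
    for kind, who, rights in acl:
        if who in principals:
            if kind == "deny":
                deny |= rights.value
            else:
                allow |= rights.value
    return Access(allow & ~deny)


def effective(principals, ntfs_acl, share_acl=None, fs_has_acls=True):
    """Effective access; share_acl=None means local access on an NTFS volume."""
    if share_acl is None:
        return granted(ntfs_acl, principals)
    via_share = granted(share_acl, principals)
    if not fs_has_acls:  # FAT: only the share ACL is checked
        return via_share
    return Access(via_share.value & granted(ntfs_acl, principals).value)


# Constructed sample ACLs matching the question above.
SHARE_EVERYONE_FULL = [("allow", "Everyone", Access.FULL)]
SHARE_EVERYONE_READ = [("allow", "Everyone", Access.READ)]
NTFS_FACULTY_ONLY = [("allow", "faculty", Access.FULL)]
STUDENT = {"student", "Everyone"}
FACULTY = {"faculty", "Everyone"}

if __name__ == "__main__":
    print("student via share:", effective(STUDENT, NTFS_FACULTY_ONLY, SHARE_EVERYONE_FULL))
    print("faculty via read-only share:", effective(FACULTY, NTFS_FACULTY_ONLY, SHARE_EVERYONE_READ))
```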

Securing a resource in Web Server

I have a file (or set of files under a directory) published on my web server. Each of this resource needs to be access-protected based on the user's credentials and authority.
The authorization details are stored in a DB, so I need to make a call to the Java code in application server to determine the access.
Every time the user hits this particular path in the webserver, I need to ensure s/he has access to the requested resource by ensuring he is logged in and has the necessary privileges to access this resource.
The webserver is apache - Can you please point me to the settings in apache that allows me to secure resource access using the above logic?
Thanks for the suggestions to correct the Tag and the Question!:
My Web Server is Apache HTTPD
Agree that this is not a Java Question: The only reason why I am bringing the Java perspective is that I am most likely going to use some Java POJOs to go and check for user authorization for a particular directory that is stored in the DB - that is, unless there is a trick in the apache httpd configuration that goes and checks the DB automatically - something similar to the one that is pointed out here... At the end of it, I need to check if a particular user (authenticated previously by the Single Sign On Server (Sun access manager)) has access to a particular directory (user mapping to directory stored in the DB) and protect the resources under the directory accordingly.
Please let me know if that clarifies.
I am not sure why this is tagged with java - unless your db structure is VERY specific, you might be able to get it done with apache authz and authn:
http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html
or, for an overview:
http://httpd.apache.org/docs/2.2/howto/auth.html

Accessing Network shared paths in WinRT

Is there a way to access arbitrary network shared paths and read their content in WinRT? Programmatically, I want to read from the network shared paths in a WinRT App. I am getting an Access Denied error.
I was told that it might be possible to access the network shared path using the file picker, provided the app requests permission.
But in my case I do not have access to the file picker. Instead, while parsing my model, if there is a path, I need to read the contents from that path. If that path is a network shared path, it fails.
You won't be able to access arbitrary files without the user's explicit permission (via the File Picker).
Some well-known locations like the music and pictures library can be read if the application's manifest includes the associated Declaration, but beyond that all the application can access without the user granting permission (at least once) is its local application data storage.
Have a look at this question: Windows 8 Metro App File Share Access
You may be able to work around this limitation by using a Web Service that has access to the file shares. ;)

VB.Net File.Copy/File.Move with different credentials

Ideally I'd like to be able to copy/move between an accessible folder on my local drive and a network share that I don't have permission to access (but the application would).
I am using impersonation to give me access to the files in the network share but using System.IO File.Move or File.Copy forces me to use the same credentials for each location. Is there a way around this?
What I believe you could do is something like this.
Do the impersonation to allow the selection of files. Copy the files to a location that the app can get to.
Stop the impersonation then have the application copy the file from the temp location to the desired end result.
We have done this before in our applications, it isn't elegant, but it works perfectly!
We've done something similar to what Mitchel Sellers is doing, except that we don't have a location that both identities can read from. We are reading blocks of data into memory using the local context and writing them out while impersonating the remote user.