I'm working on a "UPLOAD DOCUMENTS" functionality where different customer can upload the required documents and employer should be able to view all the uploaded documents by the customers. Currently in my local system I can upload the documents and it saves the uploaded file to "inetpub" folder. But in order to provide "upload documents" feature to production environment what should be the path? Where Can these documents be saved?
Any suggestion is appreciated.
The files need to be accessible to users for download somehow. This is tricky however, as it opens you up to security issues if they upload an executable file and then request it.
What I normally do is keep the file information (name, type, etc.) in a database. Then, I name the file on disk with a consistent naming structure, such as UPLOAD_ASSET_123456, with no file extension. I also keep them out of the web root.
Then, to retrieve to the file from the web end, have a script that accepts an ID, and then the script echos the file contents.
Related
I don't want guests are able to download files (pdf, word .etc).At first users must log in to download files. How can I get information about it?
Say I have a user, and that user has an XML file which, among other things, includes the relative (to the XML file) path to one or more images stored on their local machine. I want them to be able to upload this XML file to a web server, and automatically upload the images.
So my XML file might contain:
<tag>Images\img_20120905_015463548.jpg</tag>
and I want to upload both the XML file and img_20120905_015463548.jpg in one operation.
The problem is, as best I can tell, I can't get a local web page to grab the images automatically using JS/jQuery due to the pesky web browser security model that won't allow me to upload arbitrary files off the local computer, or even know the real path of the XML file. After bashing my head against a brick wall for a few hours, I've come up with two possible solutions:
Upload the XML file, the server strips out the image file addresses and asks the user to locate each one. While it would get the job done, it's ugly and error-prone.
Use a batch file (or similar) to copy the XML file and images to a public-facing web server that the user can access on the local network, and then supply the public address of the XML file to my web server. It can then grab the images off the local public server. Problem: my IT department are too competent to allow users file access to public-facing servers. :)
Is there any solution out there I might have missed, that allows the user to upload multiple files given filenames only specified as a relative path?
Thanks in advance. :)
If you are not restricted to a web-only solution, this would be achievable using a plugin or desktop application. For instance, a desktop .NET or Java WebStart application or a signed and therefore trusted Java applet would be able to access the local XML file and any associated image files, then upload them to the web server using a POST, web services or WebDAV.
for realtime online tournaments i upload a bunch of html pages, generated by our tournament software. On the webserver i do the things with these files which are needed to do. So the tournament software is "integrated" in our website.
Now we want other people run these tournaments and then they do have to upload these generated html/css files. Via http upload it really is too much work en takes too much time.
I wanted to create another ftp account with only acces to the tournament directory. So far so good.
But, i want to limit the uploading filetypes just to html and css files, so they can only upload static content via ftp (i am just paranoid, i do not want they can upload php files with possible dangerous code or other unxpected filetypes)
is this possible?
Files are just sequences of bytes, the extension has nothing to do, the danger is the way you read them. You must set the uploaded files to be non-executable and you are safe. Even if you set .css files to be uploaded somehow, you cannot check if it is safe or not by only extension, the attacker may have changed the extension by hand. Also, uploading PHP files will not be problem, if you specify an upload folder that Apache does not know, i.e not below your www folder.
I have a web folder e.g. "http://www.myhost.com/software/" if I open this address in IE it show me all files which this folder have.
I want to download all files but I don't want to hard-code name of files. I know I can get the files with webclient.DownloadFiles(#address,#filename). Is this possible to download all files or at least get the name of files from the web folder?
As a minimum you can download the same file IE displays (note that this file is provided by your web server -- there is not a standard) and parse the HTML for the files yourself, e.g. using webclient.DownloadFile("http://www.myhost.com/software/", #listfilename).
To access the files more "professionally", you'll need to see if the server also allows access via FTP or WebDAV because HTTP does not have a file "interface".
I have an app which uses a sqlite db, saving it in the Documents directory.
Moreover it allows users to create a csv file from the db and send it via email. This .csv file is also saved in the Documents dir.
I would enable the iTunes File Sharing, so users can also save these files on pc/mac (maybe in the future my app could also read the files added by the users).
I read that users can remove, save, add and rename files via iTunes File Sharing, but I noticed that I didn't succeed in removing my app files via iTunes File Sharing, I can only save/add and rename them.
If the remove isn't possible, this is good for my app, but the user can still rename the .sqlite file.
Is there a way to prevent a file being renamed in the iTunes File Sharing?
You can hide the sqlite file from iTunes File sharing by starting the filename with a dot (.)
http://blog.saers.com/archives/2010/06/28/hiding-files-from-itunes-file-sharing/
alternatively see the Library directory here
How can I get a writable path on the iPhone?