473,320 Members | 1,910 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Client side access

How do I go about accessing some client side control? I'm trying to design
a web site in asp.net(well, I want to but I'm seeing that JSP might be
better. I don't like java but I do like the fact that JSP is portable and
supposedly have better features than ASP).

Anyways, My web site needs to get some files from the client side and
compute its hash BUT not upload it to the server first. (because it would be
way to slow and a useless to do since I don't care what the the file
actually is except its hash). Can I do this with asp? Do I have to write an
active X control are use java?

I want the code to be hidden from the user as much as possible as I don't
want certain people to see how I compute the hash(because they will be able
to view the hash and might use it for bad purposes).

Is this possible? I suppose that any time code is going to be ran on the
client side there is the possibility of hacking the code but I do not want
it to be something obvious like a VB script(and definately do not want them
to be able to modify the way the hash is created).

How can I go about this?

Thanks,
Jon

Feb 11 '07 #1
4 1461
If something needs to be run on the client-side or use a file without
uploading it, you will need to use ActiveX, because ASP.NET does not have
access to files on the client, and cannot execute files on the client. The
reason ASP.NET was designed this way is for security reasons. If you don't
like java, I would suggest you take the ActiveX approach so that you can
take care of this scenario and do the rest with ASP.NET. I will admit that I
have never written ActiveX or JSP (although I have written java), so I can't
say which one is better, but if they will both work for your scenario, it is
usually better to choose the one you are more comfortable with.
--
Nathan Sokalski
nj********@hotmail.com
http://www.nathansokalski.com/

"Jon Slaughter" <Jo***********@Hotmail.comwrote in message
news:KE*******************@newssvr27.news.prodigy. net...
How do I go about accessing some client side control? I'm trying to
design a web site in asp.net(well, I want to but I'm seeing that JSP might
be better. I don't like java but I do like the fact that JSP is portable
and supposedly have better features than ASP).

Anyways, My web site needs to get some files from the client side and
compute its hash BUT not upload it to the server first. (because it would
be way to slow and a useless to do since I don't care what the the file
actually is except its hash). Can I do this with asp? Do I have to write
an active X control are use java?

I want the code to be hidden from the user as much as possible as I don't
want certain people to see how I compute the hash(because they will be
able to view the hash and might use it for bad purposes).

Is this possible? I suppose that any time code is going to be ran on the
client side there is the possibility of hacking the code but I do not want
it to be something obvious like a VB script(and definately do not want
them to be able to modify the way the hash is created).

How can I go about this?

Thanks,
Jon

Feb 11 '07 #2
On Feb 11, 1:43 am, "Jon Slaughter" <Jon_Slaugh...@Hotmail.comwrote:
[snip]
Redesign your whole application!
Don't use ActiveX and DON'T use Java Applets...!!

If you need to hash files on the client side I'm willing to bet
multiple vital organs you WILL get into security problems and you WILL
compromise security!!

..t

--
http://ajaxwidgets.com
Free ASP.NET Ajax Widgets NOW!

Feb 11 '07 #3

"Thomas Hansen" <po*******@gmail.comwrote in message
news:11**********************@p10g2000cwp.googlegr oups.com...
On Feb 11, 1:43 am, "Jon Slaughter" <Jon_Slaugh...@Hotmail.comwrote:
[snip]
Redesign your whole application!
Don't use ActiveX and DON'T use Java Applets...!!

If you need to hash files on the client side I'm willing to bet
multiple vital organs you WILL get into security problems and you WILL
compromise security!!
My application hinges on doing the hashing. Its sorta like CDDB with files.
It does me no good if I can't hash.

Its more important to hash than have a secure hash(e.g., if people see how I
hash then its not such a big deal but I want to try and keep it private if
possible).

So I could have the user run a client side app that computes the hash and
then they copy and paste it into a web form but thats pretty much useless.
It needs to be automated as much as possible. If I can get the hash part
down then the rest can be done on server side. (all they will need to do is
say which files are to be used)

This is not much different from how an online virus scanner works so its not
impossible. I can upload the hash's seperately but I would like to make it
as transparent as possible.

I initially was going to write an application in C# that did this and used
an SQL database but the problem is with the security of the database(which
is the most important thing. If someone gets in there and screws it up then
its useless. By doing the security on a server I can do a much better job
than if some 12 yr kid reversed engineered my C# app and got the SQL
information and then hacked the server(or tried)).

I'm thinking that either I have to write a small java applet that computes
the hashes and uploads them to the website or write a stand alone
application that does everything. Each pose there own problems and it all
boils down to security. In the second cause I don't see how to solve the
issue and in the first I would just have an "insecure hash". This isn't that
big a deal I think because they can't do much with it(well they can but its
not as important at this point)).

Its kinda useless if I have 100k(assume) users all uploading there files to
be hashed. I'd require a mega server with a huge bandwidth. This is
necessary cause the hashing can be done on there side quite easily.

I think my best choice as the moment is to use java.

Jon
Feb 11 '07 #4

"Nathan Sokalski" <nj********@hotmail.comwrote in message
news:e2**************@TK2MSFTNGP03.phx.gbl...
If something needs to be run on the client-side or use a file without
uploading it, you will need to use ActiveX, because ASP.NET does not have
access to files on the client, and cannot execute files on the client. The
reason ASP.NET was designed this way is for security reasons. If you don't
like java, I would suggest you take the ActiveX approach so that you can
take care of this scenario and do the rest with ASP.NET. I will admit that
I have never written ActiveX or JSP (although I have written java), so I
can't say which one is better, but if they will both work for your
scenario, it is usually better to choose the one you are more comfortable
with.
--
Well, the issue with activeX is that it only works with IE? I don't like
java but if its the best thing to use for my problem then I don't mind.
Since I only need it to compute some hashes and transfer them to the server
side then its not a big deal to code(or shouldn't be).

The main issue I have is one of computing the hash and it being hacked. Its
not a huge issue but as a precaution I'd rather prevent it from easily being
reversed engineered. (not that it will be but if its a VB script that is
downloaded then someone might get a *bright idea* and cause some trouble.)
Not that its likely but I was wondering if I could prevent it.

I know ultimately its impossible because if I compute the hash on the client
side then it can be *seen* in some way(it has to be). But if I compute it on
the server side then I have to transfer the file. The first case is the
lesser of two evils here. (the hashes are not "private" in any way)

Thanks,
Jon
Feb 11 '07 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

9
by: Kathryn | last post by:
Hiya I have a problem with using some client side and server side scripting together in an ASP. I'm using VBScript. What I'm trying to achieve is this - - Page loads up and some server side...
3
by: Rationalman | last post by:
I'm new to ASP, and need to do something that should be straightforward. I want to access the database in my vbscript function on the serverside, when someone clicks a button on the cient side....
1
by: Vetrivel | last post by:
Application architecture : Develop interface between two existing systems, a. Enterprise CRM system b. Web based intranet system. Environment : Intranet Server : IIS and ASP. Script :...
26
by: Don | last post by:
I'm writing an html page with some JavaScript that reads a web page into a client-side temp file, then reformats it, then submits that same file as a URL to the browser for display, via...
18
by: cjl | last post by:
Hey all: I know that it is silly in the age of Google to 'lose' something on the internet, but I recently checked out a project that had implemented a database with a subset of SQL in pure...
11
by: Timothy Shih | last post by:
Hi, I am having a freezing issue with my application. My application serves several remotable objects, all of which must be initialized before their use. Furthermore, some of them depend on each...
2
by: cedced | last post by:
Hello, is it possible to access client files in VB.NET? What? I have doing that but it isn't good (VB.NET take file on pc server and not on pc client): (thanks) Dim fichier As StreamReader ...
1
by: Carl Jones via .NET 247 | last post by:
(Type your message here) I'm trying to run a client-side script from a web page. It's a VB script that gets information (computer name, software versions etc )about the computer and writes it to a...
2
by: adolf garlic | last post by:
I have an aspx which has some client side script. The client side part of the page also features an xml data island What I want to be able to do is to get at the data island from the server...
4
by: Michael | last post by:
I am trying to open a file on the client machine from an aspx page running server side. The design requirements of the page specify that the HtmlInputFile control is not to be used. Since the...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.