Hi!
I am thinking to have a client-side script doing processing on file
downloading, basically the script will process a downloaded file from the
server before it received by the user. For example, the weboage will have
a link to download file A, but the one stored in the server is not exactly
file A, but some transformation of it. If the user click the link, it
activate the script which will actually load the file from the server,
detransform it into the file A, and return the file A to the user (with
correct content-type obviously). The transformation can be an encryption,
or the file broken into multiple segments.
Is this possible to do using client-side javascript?
The idea seems to be similar to soem image rollover script, which load the
image from server and then display it dynamically. Except that it seems
that Image objects don't have any properties that actually represent the
image data itself.
If it is possible, any hint where to begin?
Thanks!
--
Stephan Paul Arif Sahari Wibowo
_____ _____ _____ _____
/____ /____/ /____/ /____
_____/ / / / _____/ http://www.arifsaha.com/ 6  1849 
On Sun, 15 Aug 2004 15:42:24 -0400, S P Arif Sahari Wibowo wrote: basically the script will process a downloaded file from the
server before it received by the user.
... If it is possible, any hint where to begin?
The server. This is easily done in any number
of server side languages. Any arbitrary (valid)
URL/URI can be mapped to perform any number of
complex tasks ((un)encryption/compression/data
collection and packaging, image processing..)
on the server and either feed a '.zip' or whatever
file is most appropriate for the client, back.
By that stage, any client side script is unnecessary,
and irrelevant, as the above can be invoked from a
plain old HTML link.
As an aside, even if you *could* do this in a client
side script, it would be inherently insecure, as
the user can pick the script apart and make direct
requests for the filres. If they are feeling lazy
they may just watch their 'sniffer', which monitors
and reports all traffic between client and server.
_____/ / / / _____/ http://www.arifsaha.com/
BTW. I guess you made your site when looking at
something that supports .PNG transaparency?
In other words, not ..IE (Internet Explorer)
To whit, bottom of your site..
"Any comment? Email the webmaster at 'email address .png'"
The white background appears in IE,
(not in Moz 1.3/Opera 6.5.1 tho'..)
And that address you use, starting with 'www', is
quite couterintuitive. I had to look closely,
before I realized it was followed by
'@' rather than '.'
You counter is broken as well.
Opera reports 'could not retrieve data from server..'
(words to that effect)
HTH
--
Andrew Thompson http://www.PhySci.org/ Open-source software suite http://www.PhySci.org/codes/ Web & IT Help http://www.1point1C.org/ Science & Technology
On Mon, 16 Aug 2004, Andrew Thompson wrote: The server. This is easily done in any number of server side languages.
I know it is easy even trivial in server-side script. If it is that easy,
that's how I will do it. Unfortunately, the particular server have several
limitation that force me to seriously consider client-side solution.
So the question still stand: is it possible to do it as client side
script? Can a client side javascript actually access a file from a server?
Can a client side javascript hand a generated binary content to the user?
As an aside, even if you *could* do this in a client
side script, it would be inherently insecure,
Obviously understandable, in that case the protection should not come from
the algorithm itself, but from a decryption key-phrase. The algorithm
would be useless without the correct key.
If they are feeling lazy they may just watch their 'sniffer', which
monitors and reports all traffic between client and server.
Well, this will break a server-side encryption as well, right?
BTW. I guess you made your site when looking at
something that supports .PNG transaparency?
As PNG is an open standard, I consider browser that doesn't support it as
obsolote. I did try it in IE, and I saw that the information still came
up, so it is still acceptable. Not so bad for an obsolote browser.
The bigger problem is embedded document for counter. I actually want to
use the object tag, but IE doesn't support it. So I was forced to use
iframe (so don't say I cannot make compromise), it still look horrible in
IE, but at least is show up. The current server actually allow me to use
SSI, so I'll put it in as soon as I have time.
And that address you use, starting with 'www', is quite couterintuitive.
I had to look closely, before I realized it was followed by '@' rather
than '.'
Is it? Hmmm... I'll think about it, thanks. I have to avoid the comment
"webmaster" due to amount of spam sent to that address (eventhough I never
use not publicize that address).
You counter is broken as well.
Opera reports 'could not retrieve data from server..'
(words to that effect)
This is specific to Opera, right? Interesting. Do Opera support iframe?
Thanks!
--
Stephan Paul Arif Sahari Wibowo
_____ _____ _____ _____
/____ /____/ /____/ /____
_____/ / / / _____/ http://www.arifsaha.com/
S P Arif Sahari Wibowo wrote: So the question still stand: is it possible to do it as client side
script?
Yes, but not reliably.
Can a client side javascript actually access a file from a server?
Of itself: Not directly. It can request a resource from a server via HTTP.
The difference is that the resource may not reflect the contents of a file
on the server's filesystem but something generated, possibly including
data from a file, usually a database, and the request may result in
certain server-side actions if it triggers a server-side application.
Using an appropriate host object: Yes.
Can a client side javascript hand a generated binary content to the user?
Unless there is an appropriate host object, it cannot. Such an object
would be probably provided by ActiveX and/or Java which would decrease
the reliability of the script (and AFAIK restrict usage to IE 4+ on 32
bit Windows). I have seen a Java downloader object accessed with ActiveX
in IE 5.5+ on Windows 98/2000.
As an aside, even if you *could* do this in a client
side script, it would be inherently insecure,
Obviously understandable, in that case the protection should not come from
the algorithm itself, but from a decryption key-phrase. The algorithm
would be useless without the correct key.
I am not sure if you have understood that any algorithm used in client-side
scripts must be served along with the data it is operating on.
If they are feeling lazy they may just watch their 'sniffer', which
monitors and reports all traffic between client and server.
Well, this will break a server-side encryption as well, right?
Not quite as fast. HTTPS uses SSL/TLS which uses strong encryption
algorithms that can be considered quite secure these days, taking the
quite high effort/revenue ratio for cracking them into account.
BTW. I guess you made your site when looking at
something that supports .PNG transaparency?
As PNG is an open standard, I consider browser that doesn't support it as
obsolote. I did try it in IE, and I saw that the information still came
up, so it is still acceptable. Not so bad for an obsolote browser.
<http://libpng.org/pub/png/pngapbr.html>
The bigger problem is embedded document for counter. I actually want to
use the object tag,
You mean the "object" (X)HTML _element_.
but IE doesn't support it.
IE does support it, but not in a standards compliant way.
[...] And that address you use, starting with 'www', is quite couterintuitive.
I had to look closely, before I realized it was followed by '@' rather
than '.'
Is it? Hmmm... I'll think about it, thanks. I have to avoid the comment
"webmaster" due to amount of spam sent to that address (eventhough I never
use not publicize that address).
You should use a formmailer (server-side SMTP script). It not only prevents
you from getting spam from usual spambots, it also is reliable while the
"mailto:" URI is not. You counter is broken as well.
Opera reports 'could not retrieve data from server..'
(words to that effect)
This is specific to Opera, right? Interesting. Do Opera support iframe?
<http://www.opera.com/docs/specs/opera6/>
<http://www.opera.com/docs/specs/>
HTH
PointedEars, with appropriate random sig
--
One hundred security holes in the code, one hundred security holes...
On Mon, 16 Aug 2004, Thomas 'PointedEars' Lahn wrote: Yes, but not reliably.
Can it be done using javascript (without depending to other client-side
scripting)?
Of itself: Not directly. It can request a resource from a server via
HTTP.
That's Ok. I didn't expect more. How to do that?
Unless there is an appropriate host object, it cannot.
Is there any host object for binary files available from the browser
itself? If I have to use Java to create the host object, it is probably
better just use java for the whole thing, right?
I am not sure if you have understood that any algorithm used in
client-side scripts must be served along with the data it is operating
on.
Well, yes, I understand completely. What I mean is although the script is
open, it cannot be use to decrypt the data without correct key (provided
by user).
Not quite as fast. HTTPS uses SSL/TLS which uses strong encryption
algorithms that can be considered quite secure these days, taking the
quite high effort/revenue ratio for cracking them into account.
If the server have SSL... as I said, this server have many limitation.
<http://libpng.org/pub/png/pngapbr.html>
Ok, other than obsolote browsers, some broken ones, too. :-)
You mean the "object" (X)HTML _element_.
Yes.
IE does support it, but not in a standards compliant way.
So IE doesn't support the standards compliant ones. :-)
You should use a formmailer (server-side SMTP script). It not only
prevents you from getting spam from usual spambots, it also is reliable
while the "mailto:" URI is not.
Yes I should, when I get around to it. For now, I just use the image.
<http://www.opera.com/docs/specs/opera6/>
Well, it do support it. Don't understand the problem, then. Will get back
to it later when I have Opera to work with.
Thanks!
--
Stephan Paul Arif Sahari Wibowo
_____ _____ _____ _____
/____ /____/ /____/ /____
_____/ / / / _____/ http://www.arifsaha.com/
S P Arif Sahari Wibowo wrote: On Mon, 16 Aug 2004, Thomas 'PointedEars' Lahn wrote: Yes, but not reliably.
Can it be done using javascript (without depending to other client-side
scripting)?
Depends. What do you mean with "other client-side scripting"?
Of itself: Not directly. It can request a resource from a server via
HTTP.
That's Ok. I didn't expect more. How to do that?
Read on the `location' property and XMLHttpRequest (Google is your friend.
[psf 6.1]) Note, though, that the latter interface requires one of the
more recent user agents; in IE, it also requires ActiveX support to be
present and enabled (which AFAIK is only possible in 32 bit Windows).
Unless there is an appropriate host object, it cannot.
Is there any host object for binary files available from the browser
itself?
That depends on the browser, its version, security settings and the
operating system and platform it is running on.
If I have to use Java to create the host object, it is probably
better just use java for the whole thing, right?
Well, yo/nes ;-) Client-side Java is running in a sandbox even more
restricted than client-side J(ava)Script. If you assume that the
Java sandbox is not too much restricted due to low security settings,
it can be done. I am not sure if you have understood that any algorithm used in
client-side scripts must be served along with the data it is operating
on.
Well, yes, I understand completely. What I mean is although the script is
open, it cannot be use to decrypt the data without correct key (provided
by user).
Ahhh, but somehow you must determine if the key was correct.
PointedEars
--
When you're younger you can eat what you like, drink what you like and
still climb into your 25 inch waist trousers and zip them closed. Then
you reach that age - 24,25 - your muscles give up, they wave a little
white flag and without any warning at all you're suddenly a fat bastard.
On Mon, 16 Aug 2004 16:06:56 -0400, S P Arif Sahari Wibowo wrote:
(my reply is based on this post only, my feed to
usenet is completely f**ked up at the moment and
posts are trickling through, out of order.) If I have to use Java to create the host object, it is probably
better just use java for the whole thing, right?
It is probably better to stick with pure Java
*or* pure JS on the client browser for the simple
reason that gives you a greater userbase. There are
'Java/No JS', as well as 'non-Java/JS' users out there..
Also, I learned just the other day that Applets operated
via JS automatically get a more restricted security
environment.
You now seem convinced there is no security
problem, but I have not seen enough to convince me.
As such, I will comment that any security holes
that may be inherent in providing the client
(or any cracker, posing as a client) with the
JS, are also applicable to supplying a Java Applet.
To crack a Java applet simply requires two more
steps. Unpacking the 'jar'd file using WinZip.
Running a utility to convert the bytecodes back to
human readable form.
In all other respects, cracking Java/JS
are roughly the same. Both can be obfuscated,
or otherwise written in counter-intuitive ways.
--
Andrew Thompson http://www.PhySci.org/ Open-source software suite http://www.PhySci.org/codes/ Web & IT Help http://www.1point1C.org/ Science & Technology This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Kornelius Finkenbein |
last post by:
Hello folks!
I've got a strange problem with my download-script in conjunction with
M$ internet explorer, if the filename I want to link to includes more
than one points. In Netscape the problem...
|
by: Aardwolf |
last post by:
I've had PHP on my Win2K server running IIs 5 for about 2 weeks now.
I have an annoying problem in that I can not run the php
scripts/pages locally, instead they open up in the browser as a...
|
by: mike_j |
last post by:
I'm writing a download script in php. This script sends files using
echo in order to limit download speed. My script has to do something
after connection abort. Everything is ok unless client...
|
by: Newbie |
last post by:
I am doing some robotics projects but my main area of interest is
trying out several algorithms for the processing of the stream of data
coming from the video.
I am wondering what type of camera...
|
by: William Starr Moake |
last post by:
I'm trying to script a download counter that will display the total
number on the download page without server-side scripting.
Below is my very incomplete beginning. It returns no errors, but...
|
by: Chuck Anderson |
last post by:
I am writing a Php script to run on my home PC (Windows) that downloads
an Apache access log file and inserts new entries into a database.. The
only way I can access these log files is through a...
|
by: Jobs |
last post by:
Download the JAVA , .NET and SQL Server interview with answers
Download the JAVA , .NET and SQL Server interview sheet and rate
yourself. This will help you judge yourself are you really worth of...
|
by: miken2006 |
last post by:
Hi I am running a website which is a mirror for a popular file and it gets reasonably heavy traffic. Its runs on a VPS account but a GOOD VPS account :)
It seems that download managers are a...
|
by: KevinADC |
last post by:
Note: You may skip to the end of the article if all you want is the perl code.
Introduction
Many websites have a form or a link you can use to download a file. You click a form button or click...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
| |
