Way to handle security issue

Tod
Pardon my newbieness. (And try not to laugh too hard.)

I have an intranet site that allows users to log in and get Excel
reports. The user clicks the name of the report and it opens it from a
folder for that user. Easy enough. The problem is that the path of the
folder for that user is displayed in the Status Bar when it is being
downloaded. I've discovered that users are grabbing that path, changing
the folder name, and can then access other folders. I don't want that
to happen. (You can already tell I'm new at this, can't ya')

My first idea was to hide or alter the URL. Not a good idea it seems.
My next idea was to grant access at the folder level. But there are
several dozen folders. That would be an admin nightmare.

Somebody more knowledgeable than I must know how to do this.

tod

Jul 23 '05 #1
In article <11**********************@f14g2000cwb.googlegroups .com>,
to*****@swbell.net enlightened us with...
> My next idea was to grant access at the folder level. But there are
> several dozen folders. That would be an admin nightmare.

Yes, but it's generally the way it's done for file sharing.
Put all the folders they should access in one folder and grant to that one.
What do you care if they navigate folders they're already allowed to view by
typing in a URL?

> Somebody more knowledgeable than I must know how to do this.


You could stream the file from a server-side process.
The URL would be the URL for the server-side script. The script would take a
filename as a param, then stream it to the user. Standard file download stuff
instead of linking to a file.
Requires server-side scripting, though, such as Java servlets or .NET.

--
~kaeli~
Why do they lock gas station bathrooms? Are they afraid
someone will clean them?
http://www.ipwebdesign.net/wildAtHeart
http://www.ipwebdesign.net/kaelisSpace

Jul 23 '05 #2
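
Added example (not part of the original posts, and not code from either poster): a framework-neutral Python sketch of the server-side download approach suggested in the reply above. The folder is taken from the logged-in session rather than from the URL, and the filename parameter is checked so it cannot leave that folder. The function names, the `reports_root/<username>/` layout and the sample files are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

class AccessDenied(Exception):
    """Raised when a request tries to reach outside the caller's folder."""

def resolve_report(reports_root: Path, session_user: str, requested_name: str) -> Path:
    """Map (logged-in user, filename parameter) to a file in that user's folder."""
    root = reports_root.resolve()
    user_dir = (root / session_user).resolve()
    # The folder comes from the server-side session, never from the request,
    # and must be a direct child of the reports root.
    if user_dir.parent != root or not user_dir.is_dir():
        raise AccessDenied("no report folder for this user")
    # Accept a bare file name only: no separators, no "..", no absolute paths.
    bad = requested_name in ("", ".", "..") or "\\" in requested_name
    if bad or Path(requested_name).name != requested_name:
        raise AccessDenied("invalid report name")
    target = (user_dir / requested_name).resolve()
    # Re-check after resolving symlinks that the file is still inside user_dir.
    if target.parent != user_dir or not target.is_file():
        raise AccessDenied("report not found")
    return target

def stream_report(path: Path, chunk_size: int = 64 * 1024):
    """Yield the file in chunks, as a download handler would write them."""
    with path.open("rb") as fh:
        while chunk := fh.read(chunk_size):
            yield chunk

def demo():
    """Constructed sample layout: two users with one report each."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for user in ("alice", "bob"):
            (root / user).mkdir()
            (root / user / "sales.xls").write_bytes(f"report for {user}".encode())
        results = {"own": b"".join(stream_report(resolve_report(root, "alice", "sales.xls")))}
        attempts = (("other_folder", "../bob/sales.xls"), ("absolute", str(root / "bob" / "sales.xls")), ("missing", "nope.xls"))
        for label, name in attempts:
            try:
                resolve_report(root, "alice", name)
                results[label] = "served"
            except AccessDenied:
                results[label] = "denied"
        return results

if __name__ == "__main__":
    print(demo())
```

With this shape the link a user sees names only the download script and a file name, so the per-user folder path never appears in the status bar and there is no folder name to change.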
