RE: How to hide a download file
At 11:43 AM 7/11/2002 -0500, you wrote: I'm going to have to inevitably add it to my site soon, I was going to approach it the same way, but with a servlet isn't it possible to pipe a file by setting the response mime type and streaming it out as a PDF or EXE. Of course IE does it's own thing no matter the mime type. Sure, I've been using Download management for some time. Take a look at the code in the Expresso framework at: http://www.jcorporate.com/ The particular class is: com.jcorporate.expresso.ext.controller.Download Sets MIME types, and IE Does give it a proper filename even though the user doesn't know what path it came from. HTH! -Mike -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: How to hide a download file
Certainly not the most elegant solution but you could keep the real file in a unreachable location, and upon submitting it copy's the file to a cookie_date_time_filename.ext and has them download that. Then you run a cleaner script to erase these temp files after 24 hours. Alex Hi all, I need to pick your brains again. I need to publish a site that requires a user to fill in a form before displaying a download link. What I need to do is to hide the file to be downloaded so that it cannot be downloaded without the form being filled in - i.e it can only be downloaded from a particular generated JSP page. Can I do this with Tomcat? Thanks in advance. Kevin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: How to hide a download file
I'm going to have to inevitably add it to my site soon, I was going to approach it the same way, but with a servlet isn't it possible to pipe a file by setting the response mime type and streaming it out as a PDF or EXE. Of course IE does it's own thing no matter the mime type. -Original Message- From: Alex Short [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 11, 2002 11:36 AM To: Tomcat Users List Subject: Re: How to hide a download file Certainly not the most elegant solution but you could keep the real file in a unreachable location, and upon submitting it copy's the file to a cookie_date_time_filename.ext and has them download that. Then you run a cleaner script to erase these temp files after 24 hours. Alex Hi all, I need to pick your brains again. I need to publish a site that requires a user to fill in a form before displaying a download link. What I need to do is to hide the file to be downloaded so that it cannot be downloaded without the form being filled in - i.e it can only be downloaded from a particular generated JSP page. Can I do this with Tomcat? Thanks in advance. Kevin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.373 / Virus Database: 208 - Release Date: 7/1/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.373 / Virus Database: 208 - Release Date: 7/1/2002 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: How to hide a download file
Off the top of my head, couldn't you pipe together a FileInputStream and a ServletOutputStream ? Something like: - open input stream - open output stream to browser - read in file, piping it to output stream - close file stream - close servlet stream The user would never know where the file is on the server, it could be anywhere. You'd have to make sure you passed the right content header to the browser, so the browser would know what to do with the data it was getting back. Just brainstorming, it may not work. John Turner [EMAIL PROTECTED] -Original Message- From: Kevin Passey [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 11, 2002 12:24 PM To: Tomcat Users List (E-mail) Subject: How to hide a download file Hi all, I need to pick your brains again. I need to publish a site that requires a user to fill in a form before displaying a download link. What I need to do is to hide the file to be downloaded so that it cannot be downloaded without the form being filled in - i.e it can only be downloaded from a particular generated JSP page. Can I do this with Tomcat? Thanks in advance. Kevin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: How to hide a download file
you can use a filter to see if the referring page is your form and then allow the download or redirect to your form appropriately. Alternatively, you could set a value in the session that is only set by your form submission that your filter can look for. I do a similar thing in a filter where I verify a form has been filled out by checking the database for the user. I also enforce a login to do this, but you don't need to if you just put something in the session. Charlie -Original Message- From: Alex Short [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 11, 2002 12:36 PM To: Tomcat Users List Subject: Re: How to hide a download file Certainly not the most elegant solution but you could keep the real file in a unreachable location, and upon submitting it copy's the file to a cookie_date_time_filename.ext and has them download that. Then you run a cleaner script to erase these temp files after 24 hours. Alex Hi all, I need to pick your brains again. I need to publish a site that requires a user to fill in a form before displaying a download link. What I need to do is to hide the file to be downloaded so that it cannot be downloaded without the form being filled in - i.e it can only be downloaded from a particular generated JSP page. Can I do this with Tomcat? Thanks in advance. Kevin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: How to hide a download file
I originally tried this, but it became a pain because I didn't support 'Range' requests which sent the whole file(in my case 50MB) for each request when someone used a download manager. A filter on the actual file is much more efficient since Tomcat can serve the file when it needs to and it gets redirected when you want it to. Charlie -Original Message- From: Turner, John [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 11, 2002 12:46 PM To: 'Tomcat Users List' Subject: RE: How to hide a download file Off the top of my head, couldn't you pipe together a FileInputStream and a ServletOutputStream ? Something like: - open input stream - open output stream to browser - read in file, piping it to output stream - close file stream - close servlet stream The user would never know where the file is on the server, it could be anywhere. You'd have to make sure you passed the right content header to the browser, so the browser would know what to do with the data it was getting back. Just brainstorming, it may not work. John Turner [EMAIL PROTECTED] -Original Message- From: Kevin Passey [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 11, 2002 12:24 PM To: Tomcat Users List (E-mail) Subject: How to hide a download file Hi all, I need to pick your brains again. I need to publish a site that requires a user to fill in a form before displaying a download link. What I need to do is to hide the file to be downloaded so that it cannot be downloaded without the form being filled in - i.e it can only be downloaded from a particular generated JSP page. Can I do this with Tomcat? Thanks in advance. Kevin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: How to hide a download file
I was thinking of setting something in the session for the download page anyway which would direct a user back to the form. But if I create a directory called downloads and put the file in there - what's to stop someone just typing the folder URL and grabbing the file? Thanks everyone for your input. Kevin -Original Message- From: Cox, Charlie [mailto:[EMAIL PROTECTED]] Sent: 11 July 2002 17:46 To: 'Tomcat Users List' Subject: RE: How to hide a download file you can use a filter to see if the referring page is your form and then allow the download or redirect to your form appropriately. Alternatively, you could set a value in the session that is only set by your form submission that your filter can look for. I do a similar thing in a filter where I verify a form has been filled out by checking the database for the user. I also enforce a login to do this, but you don't need to if you just put something in the session. Charlie -Original Message- From: Alex Short [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 11, 2002 12:36 PM To: Tomcat Users List Subject: Re: How to hide a download file Certainly not the most elegant solution but you could keep the real file in a unreachable location, and upon submitting it copy's the file to a cookie_date_time_filename.ext and has them download that. Then you run a cleaner script to erase these temp files after 24 hours. Alex Hi all, I need to pick your brains again. I need to publish a site that requires a user to fill in a form before displaying a download link. What I need to do is to hide the file to be downloaded so that it cannot be downloaded without the form being filled in - i.e it can only be downloaded from a particular generated JSP page. Can I do this with Tomcat? Thanks in advance. Kevin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: How to hide a download file
your filter. it should look at the session and see that 'formfilledout=false' and redirect to the form without serving the file(call response.redirect() instead of doChain()). Charlie -Original Message- From: Kevin Passey [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 11, 2002 12:44 PM To: 'Tomcat Users List' Subject: RE: How to hide a download file I was thinking of setting something in the session for the download page anyway which would direct a user back to the form. But if I create a directory called downloads and put the file in there - what's to stop someone just typing the folder URL and grabbing the file? Thanks everyone for your input. Kevin -Original Message- From: Cox, Charlie [mailto:[EMAIL PROTECTED]] Sent: 11 July 2002 17:46 To: 'Tomcat Users List' Subject: RE: How to hide a download file you can use a filter to see if the referring page is your form and then allow the download or redirect to your form appropriately. Alternatively, you could set a value in the session that is only set by your form submission that your filter can look for. I do a similar thing in a filter where I verify a form has been filled out by checking the database for the user. I also enforce a login to do this, but you don't need to if you just put something in the session. Charlie -Original Message- From: Alex Short [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 11, 2002 12:36 PM To: Tomcat Users List Subject: Re: How to hide a download file Certainly not the most elegant solution but you could keep the real file in a unreachable location, and upon submitting it copy's the file to a cookie_date_time_filename.ext and has them download that. Then you run a cleaner script to erase these temp files after 24 hours. Alex Hi all, I need to pick your brains again. I need to publish a site that requires a user to fill in a form before displaying a download link. What I need to do is to hide the file to be downloaded so that it cannot be downloaded without the form being filled in - i.e it can only be downloaded from a particular generated JSP page. Can I do this with Tomcat? Thanks in advance. Kevin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: How to hide a download file
If you make them login, you could put a security constraint on your downloads directory. That would pretty well seal it up, I believe =) HTH, Eddie Kevin Passey wrote: snip But if I create a directory called downloads and put the file in there - what's to stop someone just typing the folder URL and grabbing the file? snip -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: How to hide a download file
Why don't you just handle it by putting something in their session saying that they filled out the form correctly, and write a downloader servlet that looks for that something, and will only send them the bits if they've filed out the form? Writing a servlet to send a file is pretty darned trivial. Writing one that knows something about session state is also pretty darned trivial. This would look something like: /downloads/send/filename ...where you have a downloads webapp with a send servlet that exhibits the above characteristics. The filename could be gotten from the path info as shown here, or you could just use a query string, too. It sounds like the issue you're having is trying to get the built-in file-serving servlet to do something it wasn't intended to do, rather than writing some code to do it for you. Hope this helps... -Ian On Thursday, July 11, 2002, at 09:58 AM, Eddie Bush wrote: If you make them login, you could put a security constraint on your downloads directory. That would pretty well seal it up, I believe =) HTH, Eddie Kevin Passey wrote: snip But if I create a directory called downloads and put the file in there - what's to stop someone just typing the folder URL and grabbing the file? snip -- To unsubscribe, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] For additional commands, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]