SV: HTML FILE Security

Matthias Carlsson Sun, 18 Feb 2001 08:40:14 -0800
It may be possible to config this in the webserver somehow, but I suggest
that you
instead of redirecting the user to ValidAuthor.htm, open the file inside the
servlet and send it by yourself. That way, you put the HTML-file wherever
you want
on the disk.

I'm typing this code off the top of my head, but I think this should do the
trick.

============================================================================
======
ServletOutputStream out = response.getOutputStream();
BufferedInputStream in = new BufferedInputStream(
        new FileInputStream(
                <path-to-file>
        ),
      1024
);

response.setContentType("text/html");

int i;
while ((i = in.read()) != -1) {
        out.write(i);
}

out.flush();
out.close();
in.close();
============================================================================
======

The servlet engine might take care of closing and flushing the outputstream,
I'm
not sure.

[ Matthias Carlsson ]
[ Programmer (Java, XML/XSL, CGI/Perl, HTML/JS) ] [ Web Designer ]
[ E-Mail : [EMAIL PROTECTED] ] [ ICQ: 1430647 ]

-----Ursprungligt meddelande-----
Från: A mailing list for discussion about Sun Microsystem's Java Servlet API
Technology. [mailto:[EMAIL PROTECTED]]För kal inuganti
Skickat: den 16 februari 2001 09:26
Till: [EMAIL PROTECTED]
Ämne: HTML FILE Security


Hi All

I have a small security problem and I would like to know how I can fix it.
My servlet sends a request to an HTML file if the request is valid. The code
snippet is as  follows:

if((user.equals("administrator")) && (passwd.equals("author"))){

out.println("<HTML>");
   out.print("<head>" + "<meta http-equiv=\"refresh\" content=\"2; url=" +
   "http://24.181.167.18:8080/ValidAuthor.htm;\">" + "</head>");
   out.println("<BODY>");
   out.println("<BR>" + "<BR>" + "<BR>");
   out.println("<BR>" + "<BR>" + "<BR>");
   out.println("<BR>" + "<BR>" + "<BR>");
   out.println("<BR>" + "<BR>" + "<BR>");
   out.println("<p align=center>"+"<img
src=http://24.181.167.18:8080/welcome.gif>" + "</p>");
   out.println("</BODY>");
   out.println("</HTML>");
}

I would like to protect the ValidAuthor.htm file from direct access and the
only way it can be accessed is through this servlet. Can someone help me
with this problem.

Thanks,
Kalyan

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
SV: HTML FILE Security

Reply via email to
