A quick word of caution to those attempting to write the
servletOutputStream. Microsoft's IE 5.5 doesn't correctly support the
HTTP "Content Disposition" header which is often used to force files to
be sent to the client as attachments (rather then being displayed
inline).
Documentation on this particular bug can be found here
http://support.microsoft.com/support/kb/articles/Q279/6/67.ASP
This has become an issue since security requirements force us to
store any sensitive data outside the web path. In light of the
aformentioned issue with IE, building an output stream to send the data
is now technically unfeasible. My current solution involves taking
advantage of the servlet lifecycle by having a thread running in the
background copy/deleting files as they are requested and subsequently
downloaded by the users. I have also added functionality to the init()
and destroy() methods to clean any files which (for whatever reason) may
have been missed by the background thread. While functional, I feel that
such a solution is less then elegant for several reasons. I would not
feel confident in assuming that the security considerations have been
met since, technically, there is a period during which sensitive
information may be vulnerable. The file creation/deletion model is also
not very appealing to our production staff, who, understandable, would
like to maintain as stable and static a webpath as possible. Such
issues, the severity of which is lessened by the fact we are running SSL
and filenames are randomized, send me off in search of a more agreeable
solution.
Regards
Fz
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
