PDA

View Full Version : Access File. . . on users comp?



Jas
02-20-2007, 04:49 PM
Hope this is the right section for this:

I hear that activeX can access a files on users computers (which is why it is usually blocked by internet browsers). Is this true? And, if so, how do you go about doing it? If not, can another programing language do it? I have no problem if a warning pops up.

The reason I ask is because I am setting up a Java based security system, and I want the administraiter of the given website to be able to change users settings form over the 'net, but I want to make it impossible to hack into. I was thinking a flash drive with an encrypted file on it, which has to be plugged in in order to log on to the Edit Users page. The security is more complex than that (it will also check the name, password, computer ID. . . ), but you get the idea.

Is this possible, or would you have to do this from a program to the net (I know it would be safer, but it would also be less convenient)?

Thanks!

boxxertrumps
02-20-2007, 05:47 PM
This is a bad idea. thre is no reason to use any information other than the user inputs themselves.

this could be used (on windows systems) to download the logs that windows keeps, check versions to look for vulnerabilities...
or used to upload a virus, adware, spyware...
if its possible, it could be used for evil quite easily.

but if you mean the applet contacts the server to upload form info or recieve instructions, it would be easy to accomplish. (im not sure how though.)

Twey
02-20-2007, 07:26 PM
Java can do this too, but I think it unwise. If you want a particular file as authentication, have the user upload it.

Jas
02-21-2007, 06:07 PM
Thanks for the replies!


Java can do this too, but I think it unwise. If you want a particular file as authentication, have the user upload it.

How would one do this in java (with or without the upload)?
Once again, I am not concerned with security, as it will be my system accessing one of my computers, not other user's.

djr33
02-21-2007, 06:22 PM
I'd say Java, over ActiveX for this.

But... seems over the top to me as well.


I want to make it impossible to hack into.Everything you do opens new possible security holes.
This would just make it dangerous for your users.

Twey
02-21-2007, 06:34 PM
Aye. There's no security benefit from checking for a file on the user's system over simply having the user upload it via a plain HTML file input.

BLiZZaRD
02-21-2007, 07:05 PM
That's why they invented "Remote Assistance", comes with Windows systems, or you can get 3rd party software to do the same thing .

All of which I do not buy, nor do I enable. EVER.

As far as your first question, the ActiveX thing was actually a JS thing, and it came from the Internet URL, parsed JS code through Adobe PDF viewer and accessed the users computer that way.

Adobe has released version 8 of the reader to combat this problem.

Jas
03-08-2007, 05:53 PM
I UNDERSTAND lol

I know it is a security risk, but the average user will not have to worry about it. It will only be used for updating information that can be accessed by the sysadmin.

Any way. . . Since you all are against helping me there :) how can you do it with an upload?

Thank again