Results 1 to 8 of 8

Thread: Access File. . . on users comp?

  1. #1
    Join Date
    Jan 2007
    Posts
    629
    Thanks
    10
    Thanked 28 Times in 28 Posts

    Default Access File. . . on users comp?

    Hope this is the right section for this:

    I hear that activeX can access a files on users computers (which is why it is usually blocked by internet browsers). Is this true? And, if so, how do you go about doing it? If not, can another programing language do it? I have no problem if a warning pops up.

    The reason I ask is because I am setting up a Java based security system, and I want the administraiter of the given website to be able to change users settings form over the 'net, but I want to make it impossible to hack into. I was thinking a flash drive with an encrypted file on it, which has to be plugged in in order to log on to the Edit Users page. The security is more complex than that (it will also check the name, password, computer ID. . . ), but you get the idea.

    Is this possible, or would you have to do this from a program to the net (I know it would be safer, but it would also be less convenient)?

    Thanks!
    --Jas
    function GreatMinds(){ return "Think Like Jas"; }
    I'm gone for a while, but in the meantime: Try using my FTP script | Fight Bot Form Submissions

  2. #2
    Join Date
    Jun 2006
    Location
    Acton Ontario Canada.
    Posts
    677
    Thanks
    0
    Thanked 1 Time in 1 Post

    Default

    This is a bad idea. thre is no reason to use any information other than the user inputs themselves.

    this could be used (on windows systems) to download the logs that windows keeps, check versions to look for vulnerabilities...
    or used to upload a virus, adware, spyware...
    if its possible, it could be used for evil quite easily.

    but if you mean the applet contacts the server to upload form info or recieve instructions, it would be easy to accomplish. (im not sure how though.)
    - Ryan "Boxxertrumps" Trumpa
    Come back once it validates: HTML, CSS, JS.

  3. #3
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,876
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    Java can do this too, but I think it unwise. If you want a particular file as authentication, have the user upload it.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends franšais | entiendo espa˝ol | t˘i Ýt hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  4. #4
    Join Date
    Jan 2007
    Posts
    629
    Thanks
    10
    Thanked 28 Times in 28 Posts

    Default

    Thanks for the replies!

    Quote Originally Posted by Twey View Post
    Java can do this too, but I think it unwise. If you want a particular file as authentication, have the user upload it.
    How would one do this in java (with or without the upload)?
    Once again, I am not concerned with security, as it will be my system accessing one of my computers, not other user's.
    --Jas
    function GreatMinds(){ return "Think Like Jas"; }
    I'm gone for a while, but in the meantime: Try using my FTP script | Fight Bot Form Submissions

  5. #5
    Join Date
    Mar 2006
    Location
    Illinois, USA
    Posts
    12,164
    Thanks
    265
    Thanked 690 Times in 678 Posts

    Default

    I'd say Java, over ActiveX for this.

    But... seems over the top to me as well.

    I want to make it impossible to hack into.
    Everything you do opens new possible security holes.
    This would just make it dangerous for your users.
    Daniel - Freelance Web Design | <?php?> | <html>| espa˝ol | Deutsch | italiano | portuguŕs | catalÓ | un peu de franšais | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum

  6. #6
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,876
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    Aye. There's no security benefit from checking for a file on the user's system over simply having the user upload it via a plain HTML file input.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends franšais | entiendo espa˝ol | t˘i Ýt hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  7. #7
    Join Date
    Aug 2005
    Location
    Other Side of My Monitor
    Posts
    3,494
    Thanks
    5
    Thanked 105 Times in 104 Posts
    Blog Entries
    1

    Default

    That's why they invented "Remote Assistance", comes with Windows systems, or you can get 3rd party software to do the same thing .

    All of which I do not buy, nor do I enable. EVER.

    As far as your first question, the ActiveX thing was actually a JS thing, and it came from the Internet URL, parsed JS code through Adobe PDF viewer and accessed the users computer that way.

    Adobe has released version 8 of the reader to combat this problem.
    {CWoT - Riddle } {Freelance Copywriter} {Learn to Write}
    Follow Me on Twitter: @InkingHubris
    PHP Code:
    $result mysql_query("SELECT finger FROM hand WHERE id=3");
    echo 
    $result

  8. #8
    Join Date
    Jan 2007
    Posts
    629
    Thanks
    10
    Thanked 28 Times in 28 Posts

    Default

    I UNDERSTAND lol

    I know it is a security risk, but the average user will not have to worry about it. It will only be used for updating information that can be accessed by the sysadmin.

    Any way. . . Since you all are against helping me there how can you do it with an upload?

    Thank again
    --Jas
    function GreatMinds(){ return "Think Like Jas"; }
    I'm gone for a while, but in the meantime: Try using my FTP script | Fight Bot Form Submissions

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •