Web Dialog box used to capture a full file path / UNC - javascript

I'm building a browser application in web2py (Python based CMS). One requirement this application has is to enable the user to browse to a folder within the local network or local drive. The user selects a folder, that selection becomes a string that I record in the application's database. File selection is entirely off the table. I don't care at all about file selection. I only need to select one and only one folder. And get the one folder's fullpath/UNC as a string, collection of strings, object, or whatever that I can then assemble the fullpath as a string.
How can I develop a browser user interface screen object of some sort that enables the user to browse to and select a folder (c:\folder\folder -or- \\server\share\folder ...), then capture that string in a variable I can write to a database?
I'm finding there are a lot of impediments to just such use of a browser application (didn't used to be that way). I get the security concerns but I also can't believe all similar enterprise uses of a browser are being torn down and made impossible (again, because it didn't used to be that way).
I don't want to dictate implementation. So spitball ideas if you like. Get out of the box of this tech stack if you like. But browser based is HIGHLY compelling (if I were to do this as a desktop app or something else I wouldn't even need to post this question).
The current tech stack of the application is: browser (open to suggestions but Chrome is the preference), JavaScript, jQuery, JQWidgets, Python, MSSQL (server hosted, not CE/local). But none of these elements are hard limitations. Except IE/Edge. We'll never use that.
If you can point me to fiddle, GitHub, ... examples that would be greatly appreciated.
Is there a particular JavaScript library, browser addin, Python import, ... I should research?
Would .Net be better suited to champion this challenge?
Is there a better forum you know of where I should post this question?
Thanks

I had to resort to this.
The application's user interface is posting to methods back on the site's controllers.
Then code executing on the site's server (Python) is providing the user's interface lists of folders and files on the file server's shares.
With some effort I will be able to provide the user with a rich and comprehensive UX that will effectively be the same as originally desired. Or at least enough so.
What I will not be able to provide is folder-file lists of the user's local hard drive. And any drives mapped between the user's workstation and the file server will not be represented from the web server to the file server. Meaning the user will have to learn to live without the mapped drive letters which they have become accustomed to.
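An added example, not the poster's code, of the server-side browsing described in the answer above: a controller helper that lists subfolders only inside configured share roots and returns the full path string to store. The function names, the `TEAM` label and the temp-dir share are assumptions made for the illustration.

```python
import os
import tempfile


def list_folders(roots, share, rel_path=""):
    """Return (sorted subfolder names, full path string) for one browse request.

    roots: dict mapping a share label shown in the UI to a base directory
           on the web server (a UNC path such as \\\\server\\share on Windows).
    share: label sent by the browser; rel_path: folder relative to that share.
    Raises ValueError for an unknown share or a path that leaves the share.
    """
    if share not in roots:
        raise ValueError("unknown share")
    base = os.path.realpath(roots[share])
    target = os.path.realpath(os.path.join(base, rel_path))
    # realpath resolves ".." and symlinks; commonpath then proves containment.
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes share root")
    if not os.path.isdir(target):
        raise ValueError("not a folder")
    names = sorted(e.name for e in os.scandir(target)
                   if e.is_dir(follow_symlinks=False))
    return names, target


def demo_roots():
    """Build a constructed sample share in a temp dir (stand-in for a file server)."""
    top = tempfile.mkdtemp()
    for sub in ("projects/2023", "projects/2024", "scans"):
        os.makedirs(os.path.join(top, "share", sub))
    return {"TEAM": os.path.join(top, "share")}
```

The browser only ever sends a share label and a relative path; the string written to the database is the second return value, which the server has already confined to an allowed root.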

Related

Is it possible to open .exe files inside a website that is displayed on the webpage itself instead of just opening it on the computer?

Is it possible to add a load of programs to a website that can be opened within the webpage itself? For example, say the animation software Blender. Would it be possible to add all the Blender files to the website files and execute them within the webpage, creating the GUI inside a window sized set of parameters?
Updates based on inputs: Amazon recently released a product/service named AppStream 2.0 which does exactly what you had asked for. It is a proprietary platform though and has its own learning curve to even set it up. It does work well with SolidWorks, so it should work with most other applications too. (SolidWorks is providing the demo of their software via this service as of now (Nov18).) Also, it uses a specific technique which doesn't require a live video stream and instead streams just the changes in image sprites, which in itself is pretty interesting.
Another alternative is Cameyo, which is also a paid service.
As of opensource alternatives, I don't yet know of such a software.
-----------------------------------------------------------------------------------------
The closest you will ever get to this thing is Flash, and that too is NOT an exe.
Having a GUI for a piece of software is a different thing; it depends upon whether that specific software is exposing an API and maybe a service/port that it's listening on. And maybe making a script based client side GET request to that specific service on localhost, maybe.
Anyways, wanting to run an executable on the client side is totally defeating the purpose of a website. Generally it is the other way round, like say, you want to provide a service via website to compress a picture. You can pipe the submitted data to that respective software and then return the result as a response.

Security vulnerabilities allowing clients to upload their own plugins to a system within a zip file?

This is a bit less "simple answer" than I would like however I am not really sure where else would be best to get a collection of vulnerabilities related to this sort of thing. I will happily delete the question if someone has a problem.
So with that out of the way here is my scenario, I have a client heavy web based app, which is knockout with local storage to a web service. Now part of the users experience has hooks where users can write plugins and make their own functionality on top of the existing one. Although this part is not 100% relevant it basically is an event system where events are exposed and other javascript files can be loaded at runtime and listen and action these events.
Currently a plugin consists of:
A json descriptor file (which describes its dependencies and details, version etc)
An entry point file
Any other js/image/html files
Now we want to streamline the process so we were going to create a site which is a subdomain of our existing app where users can upload their own plugins in one central place, and then access them in the web app.
So we made the decision that the user can upload a zip file containing these files and we will do some server processing to confirm it contains the relevant stuff and then basically expose it for users to access.
Now my question focuses around the security vulnerabilities I should be worrying about here.
I know the zip files could contain anything, so the best we can do from my current understanding is just make sure the zip file contains the files we expect in the pattern we expect, i.e. plugin-descriptor.json, entry-point.js, then hope for the best.
I can also make sure there are only file extensions matching our accepted files, i.e js, json, html, png, jpg, gif etc.
There can be file size constraints put in and header checking on files to prove they are of the type you expect but not sure how technically feasible this sort of thing is.
As an example of a system like this, WordPress has a collection of plugins users can access and apply to their site. They (and others) seem to use an SVN server they maintain and manually verify plugins uploaded, which I am not sure if we have the manpower to do (hence why I want to see if there is any automated way to vet these things). Also, much like other sites where users can upload pictures, there must be best practices around handling these sorts of scenarios.
Other than that I am not sure what else to look out for, and this feature may not be played in the next sprint, we are just working out the technical issues around it and trying to see what the best way of being able to have a list of plugins for users to access without us having to do LOTS of work maintaining it.
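An added example, not from the original post, of the automated checks the question lists (expected files, extension allowlist, size limits, header checks); it goes one step further by also rejecting entry names that would escape the extraction folder. The size limits, magic-byte table and function names are assumptions.

```python
import io
import json
import posixpath
import zipfile

# Allowlist and required names come from the question; the limits are assumed values.
ALLOWED_EXT = {".js", ".json", ".html", ".png", ".jpg", ".gif"}
REQUIRED = {"plugin-descriptor.json", "entry-point.js"}
MAGIC = {".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff", ".gif": b"GIF8"}
MAX_FILES, MAX_TOTAL = 200, 5 * 1024 * 1024

def make_zip(files):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()

def validate_plugin_zip(data):
    """Return a list of problems in an uploaded plugin archive (empty = accepted)."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a zip archive"]
    infos = [i for i in zf.infolist() if not i.is_dir()]
    # Entry count and declared sizes are checked before anything is decompressed.
    if len(infos) > MAX_FILES or sum(i.file_size for i in infos) > MAX_TOTAL:
        return ["archive over size limits"]
    names = {i.filename for i in infos}
    problems = ["missing " + n for n in sorted(REQUIRED - names)]
    for info in infos:
        name = info.filename
        # Entry names are uploader-controlled: refuse absolute paths and ".." segments.
        if name.startswith("/") or "\\" in name or ".." in name.split("/"):
            problems.append("unsafe path " + name)
            continue
        ext = posixpath.splitext(name)[1].lower()
        if ext not in ALLOWED_EXT:
            problems.append("extension not allowed " + name)
        elif ext in MAGIC and not zf.read(info).startswith(MAGIC[ext]):
            problems.append("content does not match extension " + name)
    if not problems:
        try:
            json.loads(zf.read("plugin-descriptor.json"))
        except ValueError:
            problems.append("descriptor is not valid JSON")
    return problems
```

Passing these checks only constrains the archive's shape; it says nothing about what `entry-point.js` does once the web app loads it.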

Is content in an encrypted Flash container file more safe than as plain HTML/Javascript?

The current task is as follows:
It's about publishing spreadsheet tables online and making them accessible only to registered subscribers. The access to these spreadsheets is meant to be a paid service. Subscribers may access them online from wherever they are and do their calculations related to expenses or working hours and so on. These spreadsheets are developed in MS Excel. They are then converted into HTML/Javascript files via a macro app. The resulting Javascript code contains all the important formulas which need to be protected.
I know about Javascript "obfuscation" and "scrambling" but would like to find a better solution since the two mentioned methods can be reversed.
The idea is to place the spreadsheet tables and the formulas for calculation inside of a Flash container file for protection. This Flash container file is not meant to link to or access any other external sources. The data which the users input into the spreadsheet would be saved in XML format.
Here is one tutorial which explains how to encrypt a Flash container file in order to prevent decompilers from making the content accessible:
http://code.tutsplus.com/tutorials/protect-your-flash-files-from-decompilers-by-using-encryption--active-3115
Here is a tool which claims to do the same, but it may be that it just obfuscates and does not go as far as the process in the tutorial above:
www.amayeta.com/software/swfencrypt/
There are some downsides of using Flash which I know. I will not list them here, they are discussed in this forum. Consider that in this case the security aspect outweighs the downsides of Flash. The conversion of the HTML/Javascript content into Flash format will add more effort to this project.
I would like to ask these questions to this community:
Is there a converter that could help to translate Javascript into Actionscript?
Would it be necessary to translate the Javascript into PHP in order to use it within Flash?
Would the effort be worth it?
No, this won't be worth the effort, as the client will have full control over the Flash runtime. This means that it would not be difficult to extract the functions used. If you must protect your formulas then you should only perform the calculations on your server (or any kind of well protected cloud, if such a thing exists).
If you think that your code will run fine in Flash or a browser, then it should not be hard to run the code in a well protected backend server.

List local directory on Web Application

I have an idea for a Web Application and I would need to list all files of a directory that exists on the client machine (for example C:\Temp).
I searched a lot on the Internet and as well on Stack Overflow. I couldn't find an answer on any questions that solved my problems.
I want to be able to list all files and subdirectories of a directory and if possible get the file type.
I know that this can't be done with native Javascript alone. If there is something restricted to a browser like Firefox, like XPCOM, I wouldn't mind using it.
I just wanted to know what is the best approach to do this in a WEB Application. (Windows apps are not acceptable, and we also don't want to rely on ActiveX since we're not planning on IE support.)
We have a preference for Javascript based solutions. We really don't want to rely on Server-Side to do this. But we are open to Server-Side suggestions.
For any server-side suggestion, we are using ASP .NET MVC.
We are looking for something similar to jscript - getting list of files in directory, but I don't want to rely on ActiveX at all. As said before, a Firefox-only solution would be OK.
In short: you can't list the files that reside on the local system (client machine) from the browser.
Java applets, if signed and set up properly, can get access to the local filesystem if the user clicks allow on the popup dialog box.
Flash and Silverlight, being built by intelligent beings, do not allow you access to the local filesystem -- and if they did, they would also have a dialog pop up asking if the user trusts the web app. Otherwise people could use it to collect all sorts of potentially dangerous information about your system.

Accessing contents of a file in a web-application without uploading

As far as I can tell, it is impossible to access the content of files on the user's computer in a web application without first uploading to the server, then re-downloading to user, unless some sort of plug-in is used. (Flash, etc.) Ideally, the user would upload the file directly to localstorage and then scripts would have a chance to process/display/validate/filter without the user having to wait on an upload.
Are there any features in upcoming web standards such as html5 that will allow this? If not, why has there been no effort to make this possible, and how can I work around it without getting stuck with plugins?
EDIT: DO NOT assume that I want to let JavaScript access arbitrary files on the hard drive without any user intervention. We already have the ability to prompt the user for a file and upload it, I only want the ability to prompt the user for a file to be loaded into the browser's memory. I was only hoping HTML5 would have support for something you can already do with both Flash and Java applets.
Doesn't the File API ( http://www.w3.org/TR/FileAPI/ ) do that?
It's implemented in Firefox 3.6 (see https://developer.mozilla.org/en/DOM/FileReader and https://developer.mozilla.org/en/Using_files_from_web_applications ).
According to http://code.google.com/events/io/2010/sessions/html5-status-chrome.html it is supported in Chrome.
What you can do in HTML 5 (or 6, 7, ...) depends on what a diverse group of vendors with competing agendas think the new HTML version should or should not do... it is designed by committee.
Giving a web page that you create permission to access resources (e.g. files) on your computer creates a very large security hole (would you like my web page to read your emails and home banking files?)
It's very unlikely that a committee will agree to standardize on a feature that creates a security risk, given that only one browser on one device/platform needs to poorly implement that standard to open Pandora's Box to hackers.
Individual vendors (the people that make plugins) don't have to get a bunch of other companies to agree on a feature. They just implement it, and users get to decide if they trust it enough to install it. Microsoft's first attempt at this was a major security disaster.
Like Raul and Eric pointed out, there is a significant trust issue involved, and requiring people to give code they don't know access to their hard drives will not make your site popular.
You are probably stuck with choosing between plugins or browser specific features/addons for a long time.
That said, you can do cool things by just making the best of this situation. One approach I've used several times is to have an invisible plugin (Applet in my case) present on a web page, but control it entirely via JavaScript, giving the web app a very "natural" look and feel.
Another approach is progressive enhancement of some sort - providing an enhanced experience for users who have the required plugin installed and opt to use it. I've experimented with this on sites such as http://www.pdfcombine.com - users who don't have the Java plugin installed get to merge PDF files by uploading them to a server and downloading the merged file, whereas users with the Java plugin are given the option to do it all locally with the Applet.
