How to protect admin javascript file? - javascript

I have a JavaScript file that is for the admin page only on my site. How can I make the file available only to admins? Role checking is done with cookies. Maybe some sort of check on the server? The server is Apache.
PS: Sorry for my bad English.

Even if you check cookies from JavaScript code (it is possible to check), the JS will still get downloaded to the client computer. I think you want it so that no one other than an admin can download the file. If that is the case, then better use an .htaccess or web.config file to restrict the folder which contains admin-specific files for proper authentication.
As a trickier solution, you can use URL rewriting as well to prevent the file download unless your PHP or server-side code verifies the user.

Related

Can I create a directory in client PC?

I have multiple questions
Can we create a directory on the client machine?
Can we check the running browser's default download path?
My requirement is that the user will download BLOB data from my DB; at that time I want to create a folder on the client machine and use that folder to save the BLOB data.
Can this be done using JavaScript, jQuery, AJAX, PHP or AngularJS?
You can't create a folder on the client PC using JS (don't even bother looking with HTML and CSS).
The best way you could accomplish something like what you describe is to give a .zip to your client, so while extracting it, it creates its own container (the folder). But you must be sure that the people who intend to use your web application know how a .zip works.
Using PHP you can't do anything on the client PC. PHP is a server-side programming language, so it runs only on the server. PHP runs only when you make a request to the server. On the browser end, or client side, only HTML, CSS and JS work.

how do you get users to not access files in the database

I am currently building a website in Webmatrix and right now users can access images and files on the server, like this:
localhost:8080/uploads/images/64/facebook_64.png
How can I make it so they can't access these files?
If it helps, I am writing in JavaScript, CSS and HTML, and I won't work with PHP if it is not really necessary.
Add a .htaccess file in the top folder that you want no one accessing, with the following:
order deny,allow
deny from all
allow from 127.0.0.1
Note: This means that you also won't be able to show them to users using img tags or any other method that requires the user to send a request to the image. However, the server can still use them.
You can't.
Not if your site is only going to use client-side technologies like HTML, CSS and JavaScript.
Any asset that you will need for your site will be fetched using an HTTP request, and if your site / application can do that without any server-side technologies / authentication, so can any user.
You need a server-side technology, for example PHP, if you want to use assets in your site while not making them publicly accessible.

Prevent users viewing javascript file

I have built a vb.net web application. I have tried to make it secure, with all users requiring a password to get in.
The only problem is that if anyone can guess (or detect using some kind of hacking tools) the url of the javascript file, they can download it and read it, without even having to log in first.
Is there any way that this can be prevented?
If the javascript file is not required as part of the logon process, then you can secure the file on the server so your users need to be authenticated and authorized in order to access it. This will prevent unauthorized access. Approaches to securing this file include using file system Access Control Lists (ACLs - 'Windows file permissions'), or using the "authorization" element in the ASP.NET web.config.
If the javascript file is required as part of the logon process, then you've got to give anonymous (unauthenticated) access to the file, in which case you cannot prevent people being able to download it.
Don't serve the JS file up to people who haven't authenticated.
I don't know ASP.NET well enough to say what the best approach would be, but worst case is you stick it in a .aspx file, do the auth/authz stuff at the top, then set the right content type and serve it.

Download file from FTP via Javascript

I have got a file server and a web server. They are running on physically different machines.
I would like to download a file from the FTP server via JavaScript. The reason I have to do it via JavaScript is that I have an external application and I can only inject JavaScript into that application.
Basically, I need to specify the FTP address, username and password. But I am concerned about security, as people can view the FTP credentials.
What is the best way to implement such a scenario?
Thanks for your help
Regards
Javascript only speaks HTTP and WebSockets (on newer browsers), and not FTP. In that situation, keeping it all on the client-side, you'd probably have to write a Flash or Java applet that handles the actual FTP protocol, and interface with Javascript to provide interactivity.
Unless you're planning on redirecting the browser to the ftp site, passing in the username and password? Are you concerned about the users getting the FTP information, or are you concerned with man-in-the-middle attacks sniffing the plaintext FTP credentials?
JavaScript doesn't support FTP. What you need is a server-side or a more robust client-side language to access the remote server.
If by "downloading" you mean "prompt user to save a file from external link" (which basically means open a new window with URL that points to a file) then you can just point user to a script you have control over.
window.open('http://myserver/get_file/filename');
And your server-side get_file script will do all the work of connecting to a FTP and fetching a file
How about creating an iframe and setting the url to ftp://whatever?

What are the best security measures to take for making certain directories private?

I have a directory on my server that I do not want Search Engines to crawl and I already set this rule in robots.txt
I do want people that have logged in to be able to have access to this directory without having to enter a password or anything.
I am thinking that a cookie is the best thing to put on users' computers after they log in, and if they have a cookie, they can access the directory. Is this possible, or is there a better way?
I want people without this cookie to not have access to this directory: access for members only.
Any suggestions on the best design for this?
The answer depends on the webserver used and, if any, also the server side language. Judging your question history, I'll bet that it's Apache HTTPD.
If that is true, then you can just put an .htaccess file in the folder in question to control the access by HTTP basic authentication. If you want more flexibility, you'll need to control it in the server side language in question. Basically you just need to store the logged-in user in the session and check on every request if the user is there and if it is allowed to do the request.
That said, since you tagged Javascript as well, it might be good to know that JS is a client side language and thus can be fully controlled/disabled/spoofed/hacked by the client. Forget about it when talking about security. JS is generally only good for progressive enhancement of the webpage.
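
The server-side check that several answers on this page recommend (verify the user in server code before serving the admin script, or check the session on every request for a members-only directory), as an added example that is not from any of the posts. Node.js stands in for the server-side language; the cookie format, `SECRET`, `ADMIN_JS` and all function names are assumptions made for illustration.

```javascript
// Added example: server-side gate in front of an admin-only script.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: the real key lives in server config
const ADMIN_JS = 'console.log("admin panel code");'; // constructed stand-in for admin.js

// Assumed cookie value format: base64url(JSON payload) + "." + HMAC-SHA256 (hex)
function sign(payloadB64) {
  return crypto.createHmac('sha256', SECRET).update(payloadB64).digest('hex');
}

// Called by the login code after the password check succeeds.
function issueSession(user, role) {
  const body = Buffer.from(JSON.stringify({ user, role })).toString('base64url');
  return `${body}.${sign(body)}`;
}

// Returns the verified payload, or null if the cookie is missing, malformed or forged.
function readSession(cookieHeader) {
  const match = /(?:^|;\s*)session=([^;]+)/.exec(cookieHeader || '');
  if (!match) return null;
  const [body, mac] = match[1].split('.');
  if (!body || !mac) return null;
  const expected = Buffer.from(sign(body), 'hex');
  const given = Buffer.from(mac, 'hex');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    return JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
}

// Decide status and body before any byte of the script is sent to the client.
function serveAdminScript(cookieHeader) {
  const session = readSession(cookieHeader);
  if (!session) return { status: 401, body: '' };
  if (session.role !== 'admin') return { status: 403, body: '' };
  return {
    status: 200,
    headers: { 'Content-Type': 'application/javascript', 'Cache-Control': 'private, no-store' },
    body: ADMIN_JS,
  };
}
```

The role is trusted only when the HMAC over the payload verifies, so a cookie edited in the browser, or a bare `role=admin` cookie, never reaches the branch that returns the script.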
