This is just a hypothetical question. Let's say we have a website built using CGI scripts. I find a folder within it (for ex; www.website.com/links/link.txt) and it has some basic text files. When I enter this URL on a browser, I am able to see the file "link.txt". I also know that the website is running on Apache Tomcat.
My question is, how do I (as a user) edit this link.txt file? What tools should I use?
Unless you have a web-based editor you can't edit the files directly; this is for security purposes as if you can change the file that means anyone else can too.
You will need a way to either connect to the server and edit it using a remote session, or you will need to edit the file using your computer and then upload it. Unfortunately you have already mentioned that ssh and ftp aren't working, which are the two ways I would have otherwise suggested.
I would suggest you get in touch with your site host and ask them what functionality they provide to allow you to edit files.
Hope this helps!
Related
I'm working on a website that is generated from a server. I have a php file where I include files that are stored on my computer and are necessary for the code to work. The files that I need are related to google calendar API like my credentials and a link to the API folder just like in the quickstart.php example of google (https://developers.google.com/google-apps/calendar/quickstart/php).
I think that storing these files on the server is not such a good idea. Is there a way for me to link local files from the server in an include or require? Or do I have to put everything on the server? And in that case how do I know the filepath to my files?
I am not in control of the server I just have acces to a small part of it. It is the school server and I'm working on one directory or so from that server so I can't do anything from root or so.
Thanks in advance and if my question is unclear please notify me so I can rephrase it.
If you want to protect the code from exposure, try PHP ionCube Encoder. So someone who has access to the server can't read the code, but still it will run correctly.
You CAN include remote files via HTTP if you can configure the server to set the following in the php.ini.
allow_url_include = On
This is NOT the normal setting as it could leave you more vulnerable to attacks. So this method is not a recommended one, but it is possible.
You should consider setting up an additional account on Google and then using that to work with. You can share the relevant calandars from your personal account with that account and thus protect yourself better.
Create a folder on your server outside of the public html folder. Go one directory above your website route directory and create your folder there. People will not be able to navigate to that new folder as it is outside of your website route. Store your sensitive files in the new folder. Then just require them in your normal files as needed. This protects your sensitive files in the event your PHP handler failed (rare but can happen) as the content of your sensitive files would not be displayed to people as plain text on your website. Remember to set appropriate folder and file ownership and permissions also on your server.
I am currently developing my own Google Chrome extension right now. My extension has the functionality to save and retrieve user data(bookmarks, browser preferences) from a local storage in a computer. Right now there are tools and technologies I am considering to use for the development of the said extension. Which brings us to my question:
I know for sure that PHP can be responsible for the file handling which includes storing and retrieving of browser data. My concern is that the security of the written file. Is it possible to put the written text file in a folder which is locked? Is it possible to make that folder account-controlled meaning for the folder to be accessed there should be username and password to be entered? What tool or technology can handle this?
I'm working on a project which involves an FTP server running ProFTPd and a PHP/MySQL backend that creates accounts for users.
Upon the creation of accounts, users are sent e-mails with their account details and instructions for downloading FileZilla or CyberDuck, depending on their OS, detected via user-agent string.
To make things easier for novices, I thought of having .lnk files generated for FileZilla with the account logins details as parameters, so they would just have to click on the .lnk files to open up the server. This is not a crucial feature but more of a technical challenge.
My questions are :
is this even feasible ?
are there any alternatives (eg. generating a .bat with a script pointing to the Filezilla executable ?)
are there any issues, perhaps with relative / absolute paths pointing to the executable ?
to go even further, what would be the simplest way of providing users with software with FTP access on a single account / single server (web interface is not an option).
It's very difficult to create .lnk files programmatically. See this answer.
In FileZilla, I think the best you can do reliably is to pass along a filezilla.xml file, and describe the steps necessary to import it after FileZilla has been installed.
I don't see any way that you can do this while making it easier for novice users. If you create a shortcut file, you'd have to know the path of the install. Good luck getting that from a user who you assume would have a hard time using a username/password in an FTP program. Even if you got that, you'd be generating the shortcut file after you receive input from the user, then you'd have to email the file to the user or have them download it -> delay.
I would advise against this. Having worked with clueless users before, any attempt to make things "easier" for them but requiring them to do something else usually backfires immensely. Save yourself the headache, and provide a very well-written how-to instead.
I could use some advice.
I'm building a website in which the general user needs to be able to transfer files to the site administrator. It could be done one of two ways:
1] Some kind of web based interface - PHP perhaps - to send files to the FTP. I've done some Googling but have yet to come up with anything concrete that works. I've considered using an Applet but I need something free. Also, it seems to me that people are hesitant to give Applets permission to run in their browser.
2] Some kind of file transfer service. I've looked at services like Megaupload but using a free account, the files are public and that will not work. I need something that a user could use to send a file to the administrator who could pick it up later.
If anyone has some suggestions, it would be appreciated.
Thanks in advance.
You can do file upload via http if you have enough space (which I assume since you also have access to a ftp server). See here for more information.
.htaccess files are not my strong point.
I have document uploads going to /uploads. The user should be able to view the documents they've just uploaded by clicking on the document link that appears via ajax after uploading is completed.
However, I would like to be able to password protect the /uploads folder BUT still enable the current user to view the clicked document without having a password request appear.
Is this possible to do in .htaccess?
Thanks for any suggestions.
Unless you are using HTTP auth to authenticate your user before the upload, this probably cannot be simply done with just .htaccess. You need to know file's owner and compare it with current user, which is way beyond the scope of usual web server's capabilities.
If you may use Nginx or Lighttpd, you may use X-Accel-Redirect/X-Sendfile header. There's also a module for Apache2 called mod_xsendfile. Make all request to /uploads transparently pass through your application, verify access then tell web server to send file. While this requires the ability to configure the web server (which is sometimes not possible) this is probably the most correct and universal solution.
Here are some useful links:
PHP and Ruby on Rails examples (and some general information on configuration)
Python/Django code snippet
You could use cookie based authentication (mod_auth_cookie) to grant access via htaccess for a particular location.
I am not sure if setting the cookie path to the specific file will work, but its worth a try.
You are better off doing this in the app layer though.
EDIT: This may be a better solution
I don't think this is possible in .htaccess - since .htaccess has no way of knowing which user uploaded which files. Even if it did (e.g. by putting files in uploads/username/), I don't think .htaccess files are the way to go. I think you'll probably want to enforce this at the application level.