Security Basics mailing list archives

Re: How to get browser to write a file to local disk


From: Larry Offley <lucullus () shaw ca>
Date: Thu, 26 Apr 2007 20:48:13 -0700

How about running a portable Apache/PHP stack off the usb stick along with portable firefox. The Apache server with php can write your XML file. I have been trying out one of the portable firefox/thunderbird/etc usb installs and it works quite well. I don't see why you couldn't set up apache and php to run off the usb stick and basically use it for your backend. Doing it that way should make it so you don't need to write anything using the browser; just post it back to the web server and have it do it.

Larry Offley
www.offley.ca

Robert Wesley McGrew wrote:
On 4/25/07, Jim Clark <diegoslice () gmail com> wrote:
I've been asked to help solve a browser issue that is thorny at best if
not impossible due to security.

There is a browser based application written in Flash Action Script that
needs to write an XML file to the local disk. Picture a salesman with a
USB flash drive that he can use at a customer's site. All the files are
on the flash drive and a remote server is never contacted so the
application is completely client side. To start the application, a
browser is fired up and the local file opened from the flash drive which
is a form with several list boxes that the customer can choose various
options and then submit the form. What should happen is an XML file is
then written to disk which the application uses in several ways further
downstream including applying an XSLT transformation to display the
results.

The specification targets IE6, IE7 and Firefox running on XP and Vista.
The catch is that none of these browsers allows files to be written to
disk for security reasons regardless if Java applets, JavaScript,
ECMAScript, etc. are used. So the problem is once the form is submitted
and the Flash Action Script has the output XML ready, how to circumvent
security and get the XML file written to preferably the same drive and
directory the application was launched from.

Having never programmed in Flash Action Script, I was hoping that Action
Script could call an executable and pass either the XML or form
parameters to create the XML. The initial feedback to this was "big
doubts" to paraphrase nicely.

Is what I described possible? Are there other solutions for
accomplishing this? The application is nearing completion and this piece
is becoming trickier than expected.

Thanks in advance!

-Jim


I would say that this is a design problem of trying to shoehorn
technologies meant for web applications into a problem that never
called for them.  I think you are getting closer to your solution when
you mentioned calling an executable, in that this is a situation that
calls for a standalone application to do everything you've described.
Is there any compelling reason why it's written in Flash Action Script
to run in a web browser, if there's no communication being made?
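
Added example, not part of the original thread and not code from any poster: a sketch of the receiving script for the local Apache/PHP approach suggested in the reply above. The file name save.php, the form field names, the output path and the port are hypothetical, and it assumes the Apache instance on the stick listens on loopback only (for example `Listen 127.0.0.1:8080` in httpd.conf).

```php
<?php
// save.php -- added example. Field names, output path and port are assumptions.
declare(strict_types=1);

const ALLOWED_FIELDS = ['model', 'color', 'quantity'];   // hypothetical form fields
const OUTPUT_FILE    = __DIR__ . '/data/selection.xml';  // fixed; never taken from the request
const MAX_VALUE_LEN  = 200;

// Build the XML from an allow-list of fields. Values go in as text nodes,
// so any markup a user types is escaped instead of becoming XML structure.
function build_selection_xml(array $post): string
{
    $doc = new DOMDocument('1.0', 'UTF-8');
    $doc->formatOutput = true;
    $root = $doc->appendChild($doc->createElement('selection'));
    foreach (ALLOWED_FIELDS as $name) {
        $value = $post[$name] ?? '';
        // Reject arrays, oversized values, invalid UTF-8 and control characters
        // that are not legal in XML 1.0 (the /u match fails on bad UTF-8).
        if (!is_string($value) || strlen($value) > MAX_VALUE_LEN
            || preg_match('/^[^\x00-\x08\x0B\x0C\x0E-\x1F]*$/u', $value) !== 1) {
            throw new InvalidArgumentException("bad value for $name");
        }
        $el = $doc->createElement($name);
        $el->appendChild($doc->createTextNode($value));
        $root->appendChild($el);
    }
    return $doc->saveXML();
}

// Only accept POSTs arriving over loopback, in addition to the Listen directive.
$local = in_array($_SERVER['REMOTE_ADDR'] ?? '', ['127.0.0.1', '::1'], true);
if (!$local || ($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    http_response_code(403);
    exit;
}
try {
    $xml = build_selection_xml($_POST);
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    exit;
}
// Write to a temp file and rename, so downstream readers never see a partial file.
$tmp = OUTPUT_FILE . '.tmp';
if (file_put_contents($tmp, $xml, LOCK_EX) === false || !rename($tmp, OUTPUT_FILE)) {
    http_response_code(500);
    exit;
}
header('Content-Type: text/plain');
echo "saved\n";
```

Binding to loopback keeps other machines on the customer's network away from the script, but any other page open in the same browser can still post to it; a per-session token embedded in the form and checked here would cover that.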


