How to edit files on the users file system from my web server?

Question

Hello all,

I am really looking for implementation advice as I have entered a new realm that I am not familiar with.

At the simplest level, I would like to find a way that I can read/write to a users machine from my web server. For this to work, I think I will have to install some sort of "plugin" on the users machine which can receive (or poll?) the server for instructions.

The above is the line of thought that I currently have, maybe using JAVA to do this. This needs to work on Linux, Mac and Windows OS.

I am really looking for advice on the above, is it a good idea? Is there a better way of doing this? Is there something out there already that I can build on top of?

I really appreciate all input and advice as this is something I have not done before.

Thanks all

Answer 1

For Java, you could launch a client application via Java Web Start that will be able to perform a limited set of operations on the file system.

If this is too restrictive, then you would need to provide a link to a download of a client application that would be installed / executed on the user's desktop machine.

Answer 2

For the user, a web browser plugin may be the easiest, since the user won't have to manage yet another running application, however it has its limitation such as having to develop a plugin for each browser. In addition, the user would need their browser running.

You could have the user install a desktop application, which they would have to keep running, so installing it as a service might be ideal.

You could also use a plugin as a wedge between the web browser and a desktop application, which is how Flash works.

Answer 3

To really know you will have to answer the "why" question, why do you wan tot do this.

If you are just trying to store some state on the user's machine that you need to have locally then for small things you can fall back on cookies, or for larger needs you can use the new Web Database features in HTML5 http://dev.w3.org/html5/webdatabase/

If you need to access specific files then you are actually going to have to circumvent the security sand boxing that Java does when run on a webpage. I will leave that for others to go into, I don't know how to do it off hand myself.

Answer 4

I'm assuming you want to read and write specific files on the users' machine that are not normally accessible (i.e. not temp files, or files in a sandbox). And you want to do this from your webserver.

As you looking for cross platform, I'd go with java. Given that your needs are simple (read/write files from remote commands) you could probably target JRE 1.4, which is now many years old, but is installed on ca. 98% of desktops (source).

Here's an overview of how you can approach this:

• Create a java applet or Java Web Start application that fetches a list of commands from a URL. The URL can contain any specific identification that you need to identify the machine, such as the users ID (see below for alternatives.)
• Your webserver generates the list of commands that the applet should execute - create file, read file, write file and sends these as the response.
• Sign the applet/application, so that it can escape the restrictions of the sandbox. To do this, you need to obtain a certificate. More on this later.
• Inform and educate your users about what the applet is doing. E.g. a page on your site about why they are being asked to trust your certificate and what the implications are.

You can implement this as an applet or an application, the bulk of the work is pretty much the same. I talk about applet, but remember it applies equally to application.

In more detail: The applet requests a list of commands from a URL. To hamper attempts at using your applet on another malicious site, you should use HTTPS to fetch the list of commands so that the server is authenticated. The URL should be hard-coded into your applet, so that any attempts to change this will break the signing. How you communicate the commands to the applet via the URL is up to you, e.g. you can use XML or use RMI and simply send over the list of commands as an object.

I mentioned using the userid to identify the machine - using the machine's MAC address is also a possibility. See how to get the mac address of the host.

Once you have the list of commands, your applet executes these using java file I/O apis. See File, FileReader/FileWriter in the javadocs. You include appropriate logging so the applets actions can be audited later if necessary. Once the applet has executed the commands, it sends the result of the commands back to the server, either as a POST operation, or another RMI method call, if you settle on RMI.

If you want to continually send commands from the server, then the applet can poll the URL/invoke the RMI method regularly. A Timer can help with this.

With communciation errors, it will be necessary for the client to request the list of commands more than once. Thus each time you produce a list of commands from the server, it is given an id. The server gives out the same list with the same id until it receives acknowledgement from the applet that the commands have been executed.

To sign the applet, you should obtain an rsa certificate from a certficiate authority. You can self-sign, but then you are opening the door to others modifying your app and impersonating your certificate. Details on obtaining and using certificates are given here.

If you don't know java, then all of this may not make a huge amount of sense, and it's not a trivial project to get started on, particularly considering the implications for your users if your implementation has holes and defects.

It may be wise to exercise caution: although you can do this, doesn't necessarily mean you should. I imagine that most expert users would frown on the use of this app, and would not accept the certificate. And then there is culpability - if your app accidentally deletes a critical file through a bug, misconfiguration, human error etc, how will you be prepared for that?

Answer 5

In my opinion, Applet will be a better solution. I have made one applet which downloads a zip file from the server on client machine into temp folder, extracts the zip file into a directory specified by client (browser user) and then deletes the zip file.

thanks.

Answer 6

The lowest hanging fruit might be to provide WebDAV access through your web server to a given set of files, as this allows the users to see the files as a part of their usual filesystem with all their usual tools. You then do not have to do all that functionality.

Looks like Slide can deploy on Tomcat, and JBoss has ModeShape.

Will that be useful enough?