Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: How to get browser to write a file to local disk

from [Larry Offley] Network Security [Permanent Link]
Subject: Re: How to get browser to write a file to local disk
Date: Thu, 26 Apr 2007 20:48:13 -0700
How about running an portable Apache/PHP stack off the the usb stick along with portable firefox. The Apache server with php can write your XML file. I have been trying out one of the portable firefox/thunderbird/etc usb installs and it works quite well. I don't see why you couldn't setup apache and php to run off the usb stick and basicly use it for your backend. Doing it that way should make it so you don't need to write anything using the browser just post it back to the web server and have it do it.

Larry Offley
www.offley.ca

Robert Wesley McGrew wrote:
On 4/25/07, Jim Clark <diegoslice@gmail.com> wrote: 
I've been asked to help solve a browser issue that is thorny at best if
not impossible due to security.

There is a browser based application written in Flash Action Script that
needs to write an XML file to the local disk. Picture a salesman with a
USB flash drive that he can use at a customer's site. All the files are
on the flash drive and a remote server is never contacted so the
application is completely client side. To start the application, a
browser is fired up and the local file opened from the flash drive which
is a form with several list boxes that the customer can choose various
options and then submit the form. What should happen is a XML file is
then written to disk which the application uses in several ways further
downstream including applying an XSLT transformation to display the
results.

The specification targets IE6, IE7 and Firefox running on XP and Vista.
The catch is that none of these browsers allows files to be written to
disk for security reasons regardless if Java applets, JavaScript,
ECMAScript, etc. are used. So the problem is once the form is submitted
and the Flash Action Script has the output XML ready, how to circumvent
security and get the XML file written to preferably the same drive and
directory the application was launched from.

Having never programmed in Flash Action Script, I was hoping that Action
Script could call an executable and pass either the XML or form
parameters to create the XML. The initial feedback to this was "big
doubts" to paraphrase nicely.

Is what I described possible? Are there other solutions for
accomplishing this? The application is nearing completion and this piece
is becoming trickier than expected.

Thanks in advance!

-Jim


I would say that this is a design problem of trying to shoehorn
technologies meant for web applications into a problem that never
called for them.  I think you are getting closer to your solution when
you mentioned calling an executable, in that this is a situation that
calls for a standalone application to do everything you've described.
Is there any compelling reason why it's written in Flash Action Script
to run in a web browser, if there's no communication being made?


[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: RE: Value of certifications, Nathalie Vaiser, RFC, FMM
Next by Date:  RE: CISSP Prep books?, Clement Dupuis
Previous by Thread:  Re: How to get browser to write a file to local disk, Robert Wesley McGrew
Indexes:  [Date] [Thread] [Top] [All Lists]