Thread: Open Local File

  1. #1
    SitePoint Addict
    Join Date
    Apr 2002
    Location
    Miami
    Posts
    214

    Open Local File

    Login

    client- enters company name

    server- responds with random number

    client- receives random number and uses it to create a string from a text file on their local computer.
    client then encrypts and sends back.

    server has same text file for that client and has encrypted and loaded to database ready to compare with client response.

    I want to know how to open local file from client machine to read. I want to know for example how to start at character x and read x number of characters to return as string to encrypt before sending back.

    I know very little of JavaScript

    Thanks

  2. #2
    Drupaler bronze trophy greg.harvey's Avatar
    Join Date
    Jul 2002
    Location
    London, UK
    Posts
    3,258
    You could use a cookie. It *IS* a text file...

  3. #3
    SitePoint Addict
    It would have to be as txt file on local machine in case they delete cookies or something.

    Out of curiosity, though, can cookies be snooped?

  4. #4
    Drupaler bronze trophy greg.harvey's Avatar
    Not if you use a session cookie. That's server-side. The client has no control over it. Obviously, it only lasts the session though, so it depends on what you want to do with the data long-term.

    "Snooped"? Not sure what you mean...

  5. #5
    ********* Janitor levik's Avatar
    Join Date
    Jan 2003
    Location
    New York
    Posts
    885
    Sounds like you're trying to do a very primitive version of SSL.

    I don't think there's any way to open a file from Javascript. You can probably do it from a Java applet, but it would have to be granted the permission to access the filesystem before it would work.

  6. #6
    SitePoint Addict
    The session cookie might work, I only need it to last one session. Snooped I meant can the value be discovered by bad guys.

    Yes primitive ssl. Initially I wanted to use ssl to send over real password then if correct exit secure server and create new temp user name and password and delete at end so no replay is possible.

    The problem is stupid pop up screen that tells visitors they are leaving secure area, my boss feels clients will not like this. This is not sensitive information just private area for clients and no real damage would result if hacked except client probably not using site anymore.

    My idea was to have log in using comp name only, server responds with random number which is used to calculate return string from text document on client machine. I was thinking if I do this way then maybe even update temp password for each call to server so hijacking session also not possible without key. With this approach further encryption is not needed as password only good once and no way to guess next password.

    Problem is reading key at client side. But now I am thinking maybe Flash can be used to open txt file and select correct string to send back for next page call.

    Or best, anyone can tell me how to avoid stupid screen popping up alerting visitors of leaving insecure area
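The login flow described in posts #1 and #6, as an added example that is not code from the thread: the server issues a single-use random challenge and the client proves it holds the shared file. It swaps the thread's "read x characters from position x" step for an HMAC keyed with the whole file; the `Server` class, `clientRespond`, the company name and the key text are all constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed sample: stands in for the text file both sides hold for one client.
const SHARED_KEY_FILE = Buffer.from('constructed sample key text held by ACME and the server');

class Server {
  constructor(keysByCompany) {
    this.keys = keysByCompany;   // company name -> Buffer (shared file contents)
    this.pending = new Map();    // company name -> outstanding challenge
  }
  // "server responds with random number": 16 bytes from the CSPRNG, not Math.random().
  challenge(company) {
    const nonce = crypto.randomBytes(16);
    this.pending.set(company, nonce);
    return nonce.toString('hex');
  }
  // Check the response. The challenge is consumed whether or not it matches,
  // so a captured response is useless for a second login.
  verify(company, responseHex) {
    const nonce = this.pending.get(company);
    this.pending.delete(company);
    const key = this.keys.get(company);
    if (!nonce || !key) return false;
    const expected = crypto.createHmac('sha256', key).update(nonce).digest();
    const got = Buffer.from(String(responseHex), 'hex');
    // Constant-time comparison; lengths must match before timingSafeEqual.
    return got.length === expected.length && crypto.timingSafeEqual(got, expected);
  }
}

// Client side: derive the answer from the challenge and the local file contents.
function clientRespond(keyFile, nonceHex) {
  return crypto.createHmac('sha256', keyFile)
    .update(Buffer.from(nonceHex, 'hex')).digest('hex');
}

function demo() {
  const server = new Server(new Map([['acme', SHARED_KEY_FILE]]));
  const r1 = clientRespond(SHARED_KEY_FILE, server.challenge('acme'));
  const first = server.verify('acme', r1);    // genuine response
  const replay = server.verify('acme', r1);   // same response, no new challenge
  server.challenge('acme');
  const stale = server.verify('acme', r1);    // old response against a fresh challenge
  const n3 = server.challenge('acme');
  const wrongKey = server.verify('acme', clientRespond(Buffer.from('guess'), n3));
  return { first, replay, stale, wrongKey };
}
```

This proves possession of the file at login only; it does not encrypt or authenticate the pages requested afterwards, which is the part the thread ends up leaving to SSL.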

  7. #7
    Drupaler bronze trophy greg.harvey's Avatar
    Seems an awful lot of trouble to be going to for a client preview site! What are they previewing? Government secrets??

    A friend of mine uses GUIDs to handle his password management in a similar way, behind SSL. It's a good way of doing it. I don't see why you couldn't do all of that using session variables.

  8. #8
    SitePoint Addict
    The secure area contains all the communications between client and company including an area to order supplies or services but no sensitive data such as credit cards is ever sent over, it's boring to elite hackers but...

    On the other hand the company is a lock down place with biometric security devices and cameras etc so they want to continue this feel.

    Can you briefly explain GUID's.

  9. #9
    Drupaler bronze trophy greg.harvey's Avatar
    Quote Originally Posted by whiterabbit
    Can you briefly explain GUID's.
    Ach.... no. Not really. It's way over my head. My mate's an ex-Microsoft guy. Scary programmer with a big brain. I can tell you it means "global unique identifier", it was a term created by Microsoft techies and they look like this:

    Code:
    B325EC27-4F72-428D-88AF-A40AC7CA6E74
    Beyond that, you're on your own. I gather it's relatively easy to get an MS server to generate one for you though...

  10. #10
    SitePoint Addict
    You know I have wasted too much time on this.

    I am going to convince them to use ssl for the entire session. They have maximum 100 clients and it's not a place they will go to every day so I don't think it will be too much load for the server.

    That is best way I think, everyone is happy but I still would like to know how I could implement the idea of reading from a text file etc... I think I will work on this and see what I can find.

    Thanks for your help
    Jp

  11. #11
    Drupaler bronze trophy greg.harvey's Avatar
    I think you're right to do that. Otherwise you're reinventing the wheel. Still, it is fascinating stuff...

  12. #12
    SitePoint Addict
    Yeah it is really interesting!

    Just found a workable solution. I can send login information from insecure url to ssl in flash. Info is sent protected and I am still in unsecure page so do not have to worry about that alert message that scares the clients. : ) and I don't burden server with more ssl calls.

    have good day.

  13. #13
    Drupaler bronze trophy greg.harvey's Avatar
    Hmmm... interesting. That's got to be counted as a hole in IE's security. Does that work in all browsers? Could you post a link?

