FireFox file full path – Security Issue

when you use the file upload using either ASP:FileUpload or html input control which is a type of file, FireFox doesn’t give you the full path of the selected file. For this purpose i have used both the controls as mentioned below

    <asp:FileUpload ID="fleUpLd" runat="server" />
       
     <input type="button" id="btnDD" value="File - Upload " />

Now that I’ve used both, i tried to get the full path of the selected file. Well, you’ll get the full path of the selected file, when this page is viewed in IE, but not in FireFox. I did a full search on net for getting the full path of the file, but my search went in vain.


There are many snippets that did some attempt to show case the full file path. some thing like, using the onchange event with the help of this.value , but that would also show  you only the file name when fired in FF. The code is some thing like the below

<input type="file" name="upload1" id="upload" onchange="alert(this.value);" />

According to FireFox at this link, they are considering this requirement as a security breach and made it clear that their browser has over come the security breach by not showing the client-side full path of the file. In their words,



..the entire path of the file was available to the web application. This privacy concern has been resolved in FireFox 3 ..


Hence, there is no possibility of showing the entire path of the file what was ready for file upload. Honestly, I didn’t like this. To get the full path of the file that is ready for upload, the developer has to write a custom control, which is reinventing the wheel.


What do you say?


I just read from one of the blogs at weblogs.asp.net about this. Thought it is interesting to read the way the author presented the issue at this link. Did you like it? And here is the bug ticket for Mozilla. This has full details of why and how .. blah .. blah..

Comments

Post a Comment

Popular posts from this blog

Network Intrusion Detection using Supervised ML technique

Declaimer This is my initial version of the synopsis for PhD studies. There are plenty of things that i have to complete before i prepare the final version. Thus, this would be the alpha version. Due to the length of the blog post, will not be posting the entire draft. 1.Title of the thesis Network Intrusion Detection using Supervised Machine Learning Technique with Feature Selection 2.Introduction Intrusion Detection System, IDS, is a development which improve the network security and defending the information of the association. The IDS encourage the network chairman to recognize any malicious action on the network and alarms the executive to get the information made sure about by taking the appropriate activities against those attacks. An intrusion alludes to any unauthorized access or malicious usage of data assets. An intruder or an attacker is a true element that attempts to discover a way to increase unauthorized access to data, causes hurt or take part in different
Read more

Common mistakes by Interviewer

Now-a-days am conducting few interviews for our organization. While sitting in the other side of the table, I've visualized why most of the interviews fail with me. But when conducting these interviews, most of the candidates are attending with self confidence that they are suitable for the mentioned role and attend without preparation. When people do some real preparation, they tend to fail due to lack of awareness at the interviewer towards interviewing techniques. Having failed in many interviews, I've learned that the interviews fail because of the following... Reflection (or) Mirroring: The interviewer tends to see self within the candidate. The interviewer starts to compare self with the candidate and evaluate. This evaluation is totally personal. The yard stick for measuring the candidature is not generalized, but influenced.   Template (or) Checklist: The interviewer has a template of a questionnaire. The interviewer measures the candidate with respect to the list of st
Read more

Keep the system active, to avoid the auto lock

Most of the corporate offices will have a policy for screen locking. While working with a long running applications at background, like the automation scripts for testing the applications, it would be difficult to maintain the unlock state of the screen. Thus, we found a technique to keep the system active with a cheating technique. Below is the powershall scripts that keeps the system active ' I am clicking on NUMLOCK for every 5 seconds to keep the system awake Set objNetwork = CreateObject("Wscript.Network")'to get user name numOfHours=inputbox("Hi " & objNetwork.UserName & ", How many hours you want me to be awake? :->") 'time variable conatins the time in hours Set WshShell = WScript.CreateObject("WScript.Shell") 'Creating an object for clicking keys from keyboard numOfMilliSecs=numOfHours*3600*1000 'converting hours to milli seconds While numOfMilliSecs>0 'runs until tym becomes zero WshShell.Send
Read more