I need to let a company push information up to my site.
The best way to explain what I am talking about is to explain how it is currently done with their previous website:
This company uploads a CSV file to an FTP set up by the website. The website then processes the CSV file and puts it into an SQL database so that it can be used by the website.
In this case, I am the website and I am working with the company. Both sides are willing to change what they do. So my question is...
What is the best way to accept batch information like this? Is there a more automated way that doesn't involve FTP? In the future I may have a lot of companies wanting to do this, and I'd hate to have to setup accounts for each one.
The project is C# ASP.NET MSSQL
Let me know if you need more information...
Set up a web service to accept incoming data. That way you can validate immediately and reject bad data before it ever gets into your system.
If you want to eliminate FTP, you could allow them to upload files to your site leveraging using FileUpload. Once the file is uploaded you can do your server side processing.
EDIT: From the OP's comment's it seems to be an automated process. That said, if their process generates the file, you could:
Allow them to continue their current process which would involve them generating their file and placing it somewhere where it could be accessed via a URI with authentication, you could access this file on a schedule and process it. From what it seems right now they generate a file and upload it to your FTP server, so there seems to a manual element to begin with.
Related
I have been looking at exporting data from a company SharePoint site using C# written in VS Express 2013. First, a caveat - I'm new to web based APIs (Soap or REST) and SharePoint, so apologies if my question is prosaically easy to answer/ badly worded. Pretty much all of my previous work has been with files local to the machine or on a similarly local company network that can be accessed in the same way.
My aim - download a list from one site, do stuff to it on the client machine and then re-upload it to a different SharePoint site.
I have tried using the Soap API (Client object model) but I am encountering a variety of access and permissions issues. So I switched to the REST API, and have now managed to get the list data into XML within my browser. But I don't really want it in my browser - I want to access it programmatically, and write selected data from the list into a local file (using System.IO.Path.GetTempPath() to find the temporary folder), without browser windows popping up (except to allow the user to log in to establish an authorized context with the server). There has to be some trivially easy way of saving the XML data to my temporary file without needing a browser open, but I haven't been able to find it.
My REST query is like the following:
https://sk.someSharePointSite/sites/subsection/_vti_bin/ListData.svc/AList
I would suggest you should use Sharepoint client object model for downloading/uploading files to sharepoint.
If there is anything specific you can't do with CSOM then use REST API.
You can check the code details here:
http://msdn.microsoft.com/en-us/library/ee956524%28office.14%29.aspx
Ok I know this is a probably a very basic question but I'm more of a winform person.
Question is simple.
If we Add System.IO to a Web Form . Can we then use a StreamWriter to write a log file to the end user Computer?
For example if page_Load use the following code:
StreamWriter sr=New StreamWriter("C:\abc.log)
sr.Write("ABC")
Then where this abc.log file is created? on webserver or on end user? If on websever then how can we write it on the end user machine?
I want to write a log file on the client machine. What are options? Is using a cookie an option?
No - that is not the way the web works...
You could present the Log as an download, that would be the cleanest solution.
As everyone in this thread has pointed out: this is simply not possible. Now depending on what you are trying to store you could leverage cookies to store some information on the users computer but this can be cumbersome and you are limited to 4K of information. That being said HTML5 offers the new JavaScript objects localStorage and sessionStorage which are basically a key/value dictionaries. localStorage would probably suit your needs best I think since it will persist information on the users PC after the browser is closed. For example:
function logSomeData(message) {
localStorage.logFile += message;
}
function showData() {
alert(localStorage.logFile);
}
If you run the logSomeData function in a browser, close the browser, then come back and run the showData() function the value you added to logFile will be persisted. This isn't a new concept, this is doing exactly what cookies do today except that localStorage is easier to work with (in my opinion) and it can store much more information (2MB to 10MB depending on the browser). It is worth pointing out that this is a new technology so older browsers like IE7 can't use localStorage.
Please let me know if you have any other questions!
As far my knowledge you can't write the client file using asp.net.
In your example you are writing the file where application is hosted.
Means the application server's c:\abc.log
All the code behind in asp.net runs on the server so the code you posted will write to the server machine.
Browsers don't allow interaction with the local machine file system for security reasons
You could use some other technology (e.g. an ActiveX control hosted in a web page)
why you want log file on client site ?
if you want to store some information on client site use cookies
If you're stuck to Internet Explorer 6, the only solution to be able to store client-side data, is to use userData Behavior. It well let you store up to 128kb.
I would recommend you to have a look at jStorage. Which is:
a cross-browser key-value store database to store data locally in the
browser - jStorage supports all major browsers, both in desktop (yes -
even Internet Explorer 6) and in mobile.
It's mainly based on HTML5 localstorage but it will switch to any available technology (like userData Behavior) when HTML5 is not supported.
You could download the text file of log to client machine if you flush the .txt file in the respose object i,e (response.write)
I have a game I've been working on that I want to do a sort of "cloud saving" with. My issue is securely uploading save files so that we don't expose our website or FTP server. Right now, I'm using FTP with a severely restricted account that has access to /saves, but it also has access to each user's save directory. Malicious destruction of save data was solved with some clever design, and it's not what I'm worried about. I am worried about someone getting ahold of the FTP account I use to login (wouldn't be too hard, because it has to be stored in code) and using it to make multiple connections and upload massive files. I don't want to place an upload restriction on the account, because all of my users have to use the same account for uploading, and I don't want legitimate users running into issues. However, this still presents an issue. Users have a WordPress username and password they use to launch the game, and the launcher validates permissions through WordPress. Ideally, when people buy the game I'd like to create a directory for them, as well as a username and password and upload limit of probably 10MB/day, but I doubt our hosting service provides this so I'm looking at alternate methods.
tl;dr How do I restrict users of my game into a specific directory with an upload limit, potentially without using FTP? I tried to do uploading with PHP before, but it's generally frowned upon when a remote PHP script tries to access files on a user's machine without any sort of FORM element. I guess it might work if I could initiate some sort of upload from the client... I'd still have to find a way to prevent malicious uploads, though.
Any ideas, anyone? This is something I'd really like to do, and to do it I need to make it secure against attacks.
Thanks!
Isn't this the kind of problem that web service created to solve? You can create a web service, integrate it with your user database, so your game would call the service to upload and download the data with authentication token from Wordpress. It won't stop anyone from DDOSing your webservice, but at least no risk for leaked password. Do note, according to this article, there's a hard limit to the uploaded data at 4MB. Of course you can simply split the file before sending them and handle the joining at the server.
I am having a web form available to public, which has file upload capability. Now files are either saved on web server or sent out as attachment in an email. We are having restriction on size i.e 15MB and extensions of file being uploaded. Our SMTP server is on same web server. I have concern about security, as anyone can upload malicious files and can have impact on our production web server.
What are the risks I will be having by such file upload control available to public? Is there anyway someone can execute malicious script on web server by uploading malicious file.
I did some research and found out following points
If I sent out a file as an attachment in an email, this file will be stored for temporary period in Temporary ASP .Net folders, and once email is sent this will get deleted.
You can rename a file before saving them on file system.
You can save file on different location as your website
You can have some sort of real time virus check. I am not sure how you can do that. I was reading about some command line virus scan. But not sure if I really need that.
These are just few points, but I would like to know about any blind spots in file upload.
To answer your question about possible security vulnerabilities, yes you can definately create vulnerabilities in your application and for your users even if you don't save the file to the disk. But there are a few lines of defense you can take to validate.
The first is to obviously restrict the types of files that can be uploaded, you can do this with a white list and a check of the extension but don't stop there. You should also verify by looking at the contents of the file to ensure that it complies with the expected format. This can be critical as a bad guy can inject file headers into the file uploaded and use your system as a zombie for passing around his malware.
Second you should run a virus scan against the uploaded file, you can do this by using a command line to execute a local virus scanner. This is an easy thing to do with many virus scans including Trend Micro, and unless you're looking at a massive amount of file uploads then it should not be a huge tax on your server.
Ensure that you never pass paths as user submitted data (via GET or POST to download) as that can expose you to a path traversal attack. If your user needs to download the file from the browser you can create a database of where the records are stored and then create a controller or page that will fetch it based on the database record and the users access to that record, rather than provide a path which a user can control and use to get files from your server.
Ensure that the directory you will save to is not readable by the web server, this way they don't upload a malware script and then execute it from their browser via an HTTP
Ensure that you validate all user input against some anti-XSS library (Microsoft provides one http://www.microsoft.com/en-us/download/details.aspx?id=28589)
Hope that helps!
The best way is to upload them to /App_Data folder or to store them in a database as binary objects. App_Data is not readable through the web server, so this will protect you against execute and script access. An alternative to storing them in binary is to Base 64 encode them and store them in text (again either in the file system App_Data or database).
Create a proxy page to check the user has permissions to view/download the file and if so send a stream of the file to the HTTP response. This way users do not have direct access and cannot execute anything they shouldn't. You can also attach files using the SMTP classes from a stream reference.
If storing in the file system you could implement your own naming convention so that a request for the actual file is mapped to the stored version.
Virus scanning can be useful, but think of this as protecting other users that may have access to download the file rather than protecting your server.
I'm building a webapp that needs to interact with a Access Database. The Access database is about 200 megs and I don't want to upload the entire thing...just the contents of one table. So far, I've used Microsoft.Office.Interop.Access in the past on a desktop app but when I tried this on a webapp there is some cryptic permission issues on the web server(I think) that need to be ferreted out.
As far as I understand it I can
1 - upload the entire database and select the data
2 - I can use interop and figure out the permission issues
is there a 3 or 4 option?
Thanks guys.
The location of the access file doesn't matter as long as it is accessible local or through the network and the NETWORK account of the webserver (if it is a Win2K3 or higher server otherwise it's the ASP.NET account) has access to that location.
So no need to download or upload anything.
Also... the fact that your back-end is dealing with an access database shouldn't be visible or be of any concern to the client...
OTOH if you are looking for a solution to "manage a database through a web interface", then maybe it's better to look at something like this... (It's for sql server, but migrating from access to sql server isn't that big an issue ;-)
If you want to code it yourself, i think this post can come in handy.
No need to interop, just use an OleDbConnection with the right connectionstring.
I don't know if i understood your problem but maybe you could upload the table data using a CSV file, then parse every line and use a SQL query to INSERT this data the Access database.