Hi,

In our prototype application that we are building, we need the ability for users to be able to download files and we also need the ability to upload files; I have a few questions...

1) Where on the server should we put files that can be downloaded

2) Can we make the download location dynamic based on who is logged into our application

3) Is the location where the files are stored secure? (i.e. if User A is logged in, could they alter the URL so they could download files that are meant for user B)

4) Where on the server are files uploaded to?

5) Can we make the upload location on the server dynamic based on who is logged into the application? (i.e. if user A is logged in then their files go into .../apps/[user A files]/)

6) Are uploaded files secure? (i.e. can anyone access them without logging into the application and can user A access user B's files)

7) Is it possible to lists files in a directory on the server in FS?

Thanks,

Craig.

asked 15 May '13, 04:25

Craig's gravatar image

Craig
1.1k242
accept rate: 6%

edited 15 May '13, 04:26


Hi Craig,

Formspider handles downloads and uploads from the database. For upload here is the tutorial: http://theformspider.com/learningcenter/tutorial-15-how-to-upload-a-file/ and here is the demo http://formspideronline.com/formspider/main.html?name=DemoMain#DemoFileUpload

For download, Formspider has two API's:

First API is called api_datasource.download with the following signature: download(in_datasourceDotColumn_tx varchar2, in_fileName_tx varchar2, in_row_id number:=null) . So you specify the datasource name and column name which hold the BLOB you want the user to download. Next, you specify the file name and finally you specify the datasource row id optionally. If no row id is specified the API will attempt to download from the current row in the datasource.

If you want to place your files to the file system that's fine too. In that case you can use the api_application.fileDownload API which has the following signature: fileDownload(in_link_tx varchar2, in_title_tx varchar2:=null, in_fileName_tx varchar2:=null). The first parameter in_link_tx is the URL (relative or full path) your application will attempt to start the download. in_title_tx is the Title of the dialog window that opens up on the user's screen. in_fileName_tx is the default file name you want to give the downloaded file.

So with that information in mind, let me answer your questions:

1) Where on the server should we put files that can be downloaded

You can put them to the database or to the file system.

2)Can we make the download location dynamic based on who is logged into our application

Yes. As you can see in both API's (api_datasource.download and api_application.fileDownload) the developer can dynamically change the content of the download.

3) Is the location where the files are stored secure?

This totally depends on your implementation not to Formspider. :-). If you place the files in the database, then things should be pretty much secure unless you make a mistake that I cannot think of right now. If you place you files to the file system, then you should not place them in a publicly accessible folder. You should write a servlet that serves the files after validating the request. An easy way to achieve this is to create hard-to guess temporary access tokens that you can validate before allowing the download to start. So the download link you generate would be something like http://www.mydomain.com/downloads/download.jsp?accessToken=gjtudjsi . Your servlet would validate the accessToken gjtudjsi against the list of valid tokens. If valid it would remove the token from the list and start the download.

4) Where on the server are files uploaded to?

The files are uploaded to the database. From there you can do whatever you want with the file. The Tutorial above explains it all.

5) Can we make the upload location on the server dynamic based on who is logged into the application?

As shown in Tutorial 15, once the upload finished you can do whatever you choose to do with the downloaded file.

6) Are uploaded files secure?

Yes.

7) Is it possible to lists files in a directory on the server in FS?

Yes but this has nothing to do with FS. It's just a feature of the application server you use.

Hope this helps.

Kind Regards, Yalim

link

answered 15 May '13, 05:19

Yalim's gravatar image

Yalim ♦♦
2.8k5
accept rate: 20%

edited 15 May '13, 05:20

Thanks for the detailed response; I will work through the tutorial when I get chance and give it a try.

Thanks,

Craig.

(15 May '13, 07:00) Craig
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×7
×4

Asked: 15 May '13, 04:25

Seen: 1,037 times

Last updated: 15 May '13, 07:00


© Copyright Gerger 2017