Question

32

Web application access user's file system

rated 0 times [ 38] [ 6] / answers: 1 / hits: 20398 / 9 Years ago, mon, november 16, 2015, 12:00:00

I am creating a web application for my client. The application will be installed on a dedicated server within corporate network.
He wants to see the list of his local files (from his local PC) on the web page. He means that any visitor can see the list of his local files from some folder.

I know that the web application cannot have access to visitor's file system. Browser limits this by design. Of course, there might be some browser extensions and applets and flash apps or even hacks.. But this is not that case.

But how can I explain this to him? He points me to the 'save as' or 'load file' dialogs and say that other applications can do this. I don't know how to explain him that this is just a browser's interaction.

I tried to google for some links to proofs, but cannot find something quickly.

Can you guys give me some links to the documents describing inability to access user's folder from web application?

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

alejandro

Add To Favorites

Follow

Total Points: 231

Total Questions: 102

Total Answers: 107

Location: Jordan

Member since Wed, Jun 17, 2020

4 Years ago

answered 9 Years ago tayaw · Accepted Answer

Finally I did a compilation of some quotations and it is done..

https://en.wikipedia.org/wiki/JavaScript#Security

scripts run in a sandbox in which they can only perform Web-related
actions, not general-purpose programming tasks like creating files

https://www.us-cert.gov/publications/securing-your-web-browser

JavaScript, also known as ECMAScript, is a scripting language that is used to make websites more interactive. There are specifications in the JavaScript standard that restrict certain features such as accessing local files.

https://developer.mozilla.org/en-US/docs/Web/API/File_System_API/Introduction#restrictions

Because the file system is sandboxed, a web app cannot access another app's files. You also cannot read or write files to an arbitrary folder (for example, My Pictures and My Documents) on the user's hard drive.