Posted to user@struts.apache.org by Girish Naik <gi...@gmail.com> on 2009/06/21 08:02:27 UTC

Can this be breaking security?

Hi, I was just implementing file upload in Struts 2.0. When the form with
the file is submitted, I can see the full path in the path property of the file.

Is it possible for anyone to get the path and look for any other file
in that location or folder?


Regards,
---------------------------------------------------------
Girish Naik
Mobile:-+91-09740091638
girish.naik@gmail.com
George Carlin<http://www.brainyquote.com/quotes/authors/g/george_carlin.html>
- "Electricity is really just organized lightning."

Re: Can this be breaking security?

Posted by Girish Naik <gi...@gmail.com>.
Sorry, it's not possible to pick files from the client's machine, as when a file
is uploaded it (someone) creates a tmp file in
'work\Catalina\localhost\<context>\upload__70e25ce7_121fcf971b2__7ff2_00000003.tmp'

hmm ... super.


Regards,
---------------------------------------------------------
Girish Naik
Mobile:-+91-09740091638
girish.naik@gmail.com
George Carlin<http://www.brainyquote.com/quotes/authors/g/george_carlin.html>
- "Electricity is really just organized lightning."

On Sun, Jun 21, 2009 at 11:32 AM, Girish Naik <gi...@gmail.com> wrote:

> Hi, I was just implementing file upload in Struts 2.0. When the form with
> the file is submitted, I can see the full path in the path property of the file.
>
> Is it possible for anyone to get the path and look for any other file
> in that location or folder?