Login | Register   
Twitter
RSS Feed
Download our iPhone app
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   FORUMS  |   TIP BANK
Browse DevX
Sign up for e-mail newsletters from DevX


Tip of the Day
Language: Java
Expertise: Intermediate
Jul 15, 2004

How to Force a Browser to Display a "Save As/Run from Location" Dialog

Today, most browsers are designed to handle the known mime types in a very user-friendly manner. For example, if a server program writes an image/jpeg as a mime type, the browser will open the registered image viewer to display the contents. This would be true for any registered mime type on the client machine.

While this feature provides an easier user interface, it also poses a severe security threat for Web applications. The mime type's contents could include viruses, session hijackers, or cookie spyware programs.

To solve this security problem, you can force the browser to display a "Save As/Open from current location" dialogue box when it wants to write known binary content to the client.

The official approach for this is to use a http header to request the display of user permission dialog box. This header is known as "Content-Disposition."

Following is the sample for Java-based applications, though almost all http libraries provide an API to set an http header.


HttpResponse.setHeader("Content-Disposition "," attachment; filename= tip.jpeg");
Amit Jain
 
Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Sitemap