2

I realize this is a HUGE, MASSIVE security risk, but I have my reasons. I'm not asking whether it's a good idea, just whether it is possible at all. Doesn't necessarily need to be JS, but it does need to be browser based and client side.

Specifics:

  1. Client must be able to create and write to a server-side file.
  2. Cross browser/platform solution is preferred, but solutions specific to one environment would also be good.
  3. Preferably the solution would not require anything beyond the browser's default state, but if it requires some plugin(s) to work, so be it.

And @Cheeso, definitely not a virus. This is more theoretical than anything at this point.

Dan
  • 3
    Is the client-side OS known and fixed? For example, if you know it will be Windows, you might be able to do it with ActiveX. – Mark Eirich Jun 29 '12 at 20:53
  • There are APIs for doing more (user-directed) file reading than there used to be, and there are APIs for storing things on the client more conveniently than with cookies, but there's no generally-available API for arbitrary file system access from JavaScript. – Pointy Jun 29 '12 at 20:54
  • @MarkEirich: I'd prefer non-fixed, but if you have a solution involving fixed then that may work too. – Dan Jun 29 '12 at 20:54
  • 1
    Also, what exactly do you mean by "file IO" - I assume you mean something beyond user-initiated upload or download, but what exactly? – Mark Eirich Jun 29 '12 at 20:55
  • See this: [How to read and write into file using JavaScript](http://stackoverflow.com/q/585234/830125). – Drew Gaynor Jun 29 '12 at 20:55
  • Do you need a direct filesystem access? I can think of a pure-JS method to read and save binary data on the client, but it requires interaction of the user (open and save file paths). – Rob W Jun 29 '12 at 20:55
  • @MarkEirich: I'm looking for them to read a pre-existing file (trivial) and then create and write a new file. – Dan Jun 29 '12 at 20:56
  • @RobW: The solution can't require user interaction. Everything must be self-handled once the script starts. – Dan Jun 29 '12 at 20:57
  • @JackieChiles: I read that before posting, but it addresses the question assuming that I care about security. I want to throw security out the window and figure out whether it's possible without a concern for being secure. – Dan Jun 29 '12 at 20:58
  • @Dan Can you edit your question to include your possible tools? E.g. Ability to install a browser extension/add-on/plugin, ability to launch a process at the client, etc. – Rob W Jun 29 '12 at 20:58
  • You'll need to be more specific about your requirements. The description you've provided so far sounds like you want to create a virus. – Cheeso Jun 29 '12 at 20:59
  • @RobW: No problem. Let me add those in. – Dan Jun 29 '12 at 20:59
  • @Dan This may help: http://stackoverflow.com/q/1087246 (it's old, but Java applets still work). Firefox provides an [API for add-ons](https://developer.mozilla.org/en/Code_snippets/File_I%2f%2fO) for file system access. Chrome does not offer a ready-to-use API for file system access. For Chrome, you need to write a [NPAPI plugin](http://code.google.com/chrome/extensions/npapi.html) to get the job done. In IE, you can use `Scripting.FileSystemObject` ActiveXObject to get file system access. *I don't have any experience with Opera/Safari local filesystem access, can't say a word about these.* – Rob W Jun 29 '12 at 21:21
  • Thanks, @RobW. That does look like it's headed in the right direction. I'll look into it. – Dan Jun 29 '12 at 22:02
  • @Dan Chrome, IE and Firefox cover [about 90%](http://gs.statcounter.com/) of the **desktop** users. Since you're willing to ask your users to install an extension, you've probably got a specific audience. It's worth investigating the browser usage statistics of your audience before implementing such a feature. – Rob W Jun 29 '12 at 22:07

2 Answers

0

Do you speak HTML5? Can you force your users to use Google Chrome? You can use the filesystem API: here you can find what you need to start reading/writing files.

napolux
  • 2
    The HTML5 file system is **virtual**. There is no direct connection between an HTML5 FS and the user's FS. – Rob W Jun 29 '12 at 20:57
  • No detail in the question about virtual or "real" filesystem. He's only asking for "file I/O" – napolux Jun 29 '12 at 20:59
  • 1
    @napolux From the comments, it's obvious that the OP needs to access the real filesystem. And in the question, it's somewhat obvious that he needs access to the real filesystem ("huge security issue"). I don't see any harm in a virtual file... – Rob W Jun 29 '12 at 21:01
  • 1
    Sorry for the lack of specificity. Must access the real file system. – Dan Jun 29 '12 at 21:05
0

You just added "read and write to a server-side file" to your description... and that's a HUGELY different question.

If you want to read/write a client-side file, and you can't just have a file upload/download like normal websites, you should look into using a signed Java applet (see this website for details) - IIRC Facebook used such an applet in its early days so users could upload multiple photos at a time. Java applets seem to be going the way of the dodo, though, so YMMV.

But if you want to read/write a server-side file, then just about any server will be able to do that, without any browser-side trickery. Google is your friend, i.e. look up "PHP write to file."

btown
  • I'm well aware how to do server side writes the traditional way. If that was the issue, I wouldn't need to ask about it. Like I said, I'm aware that it's not a traditional need. – Dan Jun 29 '12 at 21:24
  • I see you changed it in your question, and I meant no harm. Would the Java approach work for your situation? – btown Jun 30 '12 at 02:00
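
The conventional server-side write that the answer above points to, as an added Node.js example that is not part of the original answers: the browser sends the content over HTTP and the server decides where it lands. The route `PUT /files/<name>`, the `MAX_BYTES` limit and all function names are assumptions made for illustration.

```javascript
const fs = require('node:fs');
const path = require('node:path');
const http = require('node:http');

const MAX_BYTES = 64 * 1024; // assumed per-file size limit

// Map a client-supplied name to a path directly inside baseDir, or null.
function resolveInside(baseDir, clientName) {
  // Allow-list: one file name, no separators, no leading dot.
  if (!/^[A-Za-z0-9_-][A-Za-z0-9._-]{0,63}$/.test(clientName)) return null;
  const base = path.resolve(baseDir);
  const target = path.resolve(base, clientName);
  // Defence in depth: the resolved path must still sit in baseDir itself.
  return path.dirname(target) === base ? target : null;
}

// Create the file; flag 'wx' fails if it exists, so clients cannot overwrite.
function writeClientFile(baseDir, clientName, data) {
  const target = resolveInside(baseDir, clientName);
  if (target === null) return { status: 400, error: 'bad file name' };
  if (Buffer.byteLength(data) > MAX_BYTES) return { status: 413, error: 'too large' };
  try {
    fs.writeFileSync(target, data, { flag: 'wx', mode: 0o600 });
    return { status: 201 };
  } catch (err) {
    const exists = err.code === 'EEXIST';
    return { status: exists ? 409 : 500, error: exists ? 'exists' : 'write failed' };
  }
}

// HTTP wrapper: PUT /files/<name>, request body becomes the file content.
function createServer(baseDir) {
  return http.createServer((req, res) => {
    const m = /^\/files\/([^/]+)$/.exec(req.url);
    if (req.method !== 'PUT' || !m) { res.writeHead(404); return res.end(); }
    const chunks = []; let size = 0;
    req.on('data', (c) => {
      size += c.length;
      if (size > MAX_BYTES) { res.writeHead(413); res.end(); req.destroy(); }
      else chunks.push(c);
    });
    req.on('end', () => {
      if (res.writableEnded) return; // already answered with 413
      let name;
      try { name = decodeURIComponent(m[1]); } catch { name = ''; }
      const r = writeClientFile(baseDir, name, Buffer.concat(chunks));
      res.writeHead(r.status, { 'Content-Type': 'application/json' });
      res.end(JSON.stringify(r.error ? { error: r.error } : { created: name }));
    });
  });
}
```

From the page, a `fetch('/files/notes.txt', { method: 'PUT', body: text })` call would drive this endpoint; authentication is out of scope here and would sit in front of `writeClientFile`.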