A little help, Can a website admin see the location from where i upload the pictures to his server, and when i say location i refer to the link from my computer : C:\user\ ...
Thank you in advance.
Asked
Active
Viewed 94 times
-3
-
They shouldn't but unless they have direct access to your system why would it be a concern? If it is a concern then create a temp dir and use that to upload photos from. – scrappedcola Oct 03 '16 at 16:09
-
And also how i ca do that? – Martin Oct 03 '16 at 16:09
-
just copy somewhere else before upload. If you upload over a web form on a website there is usually no need for that. If this admin tries to do this on purpose, there may be a way achieve this data. – SalkinD Oct 03 '16 at 16:14
-
the things that concern me is that the link contain my pc user name. How can i upload it with my username changed – Martin Oct 03 '16 at 16:17
-
an (sys)admin sees all – Funk Forty Niner Oct 03 '16 at 16:35
-
1This sounds like you're trying to hide/avoid something and afraid someone might find out what you're trying to upload. Your question is unclear and requires clarification. – Funk Forty Niner Oct 03 '16 at 16:44
3 Answers
3
No. Per default only the filename will be visible. If this admin wants to get this data on purpose, he may fetch it before upload in some browsers. Modern browsers do not make it easy to do that though. (See this question)
Note that some image formats save some metadata you may not want to share. You can check most of this data here: http://regex.info/exif.cgi
3
You can inspect the exact information that's sent to the server during a regular HTTP file upload with the Network pane in your browser developer console:
As you can see, it only includes the following items (apart from file contents themselves):
- File name (without path)
- File type (as detected by the browser)
Additionally, JavaScript implements the File interface and allows retrieving file information that might be sent to the server. You can read the API documentation but, in general, the API is designed with security in mind.
Álvaro González
- 142,137
- 41
- 261
- 360
-
Such extensive functionality regards the Network panel, I believe, is only available in Firefox. – Connor Gurney Oct 03 '16 at 16:20
-
2@ConnorGurney All major browsers have a similar tool nowadays. – Álvaro González Oct 03 '16 at 16:20
-
1@ConnorGurney — No, access to the raw request body is available as standard in every set of developer tools I've used. – Quentin Oct 03 '16 at 16:21
-
@Quentin I'm in Safari and I don't believe there's any way to do it there at least! I really need to switch to Chrome. – Connor Gurney Oct 03 '16 at 16:22
-
@ConnorGurney I'm not a Mac user but Apple even has [documentation about Safari tools](https://developer.apple.com/safari/tools/). – Álvaro González Oct 03 '16 at 16:26
-
-2
This question can't be answered in general as it might depend on the website respectively the system the website is using. Many systems won't track where the images come from, also for legal reasons and to save space.
An extreme case with positive answer concerning your question might be Worms or Virus, where the information might be very important. In Intranets the information might be interesting and legal, so tracking might be reasonable too.
Edit:
Even HTML respectively JavaScript should protect against tracking local locations of uploads this is useless if upload is done in an app inside the website i.e. on Base of Java. Also PDF-Viewer, Flash etc. might be open to those information but this depends on the version of each of those extensions or plugins too.
David
- 5,882
- 3
- 33
- 44