Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am new to web development. And currently, I am developing a web application using GWT. I use a servlet to upload a file. Then the file will be write to a directory in \war. But I think this is not safe, because I can get the file directly by typing some address in the browser. Could anyone tell me how to store files safely on the server? Thanks in advance.
Rather than storing the file unencrypted on the file system, you could choose to store the file outside of your execution environment.
There are a number of options for this, such as storing the file in a database, and then only allow access if the correct credentials are provided.
Alternatively, you could look at using a cloud based file storage solution such as Amazon’s S3, which scales well, and allows you to secure files and generate secure URLs to retrieve the files when required.
Storing the file outside of your execution environment also has the advantage that you can scale up to multiple execution environments, and the files will be accessible across the nodes.
If you really want or need to store the file on the file system, and don’t ever anticipate increasing the number of execution environments, then you could use a ServletFilter to intercept requests to access the files, and only serve them up if the correct credentials have been provided.