Page 1 of 1

accessing file on hard drive from web

Posted: Thu May 17, 2007 5:19 am
by mikeeeeeeey
Hi guys,

I'm currently building an intranet for a client, and they would like their network login to work with the web based intranet.

So far, I have the user's computer generate a text file which is created when the user logs in, which contains their informations, such as which dept they work in, their username, their system root (for X-platform) and other information.

The trouble being, I don't know how you'd go about accessing files local to a computer in PHP. I started off using shell commands, only to realise once they were online they weren't relative to the computer, and instead the server.

I've heard it's possible in Java, but I'd rather use PHP if it's possible.

Please help? :D

Thanks very much in advance.

Posted: Thu May 17, 2007 6:56 am
by Chris Corbyn
It's not possible. Imagine the fun I could have if I was a mailicious hacker and I could write a website which accesses your hard drive.

Posted: Thu May 17, 2007 8:05 am
by mikeeeeeeey
Obviously.


I've found some stuff about Java certificates, hopefully that will help

Posted: Thu May 17, 2007 4:36 pm
by Weirdan
I've found some stuff about Java certificates, hopefully that will help
I'd suggest googling for 'ntlm authentication' instead.

Posted: Thu May 17, 2007 4:43 pm
by RobertGonzalez
I will tell you that this is a little more cleanly implemented when the users are using IE as it can tap into COM objects that utilize NT authentication from their network credentials.

You can authenticate users to the corporate intranet through network credentials, but you need to explain to your client that there are a whole new level of physical security training methods they will need to implement as soon as you go live with this. Specifically, the users will no longer be allowed to leave their workstations without locking out as anyone with access to their unlocked machine will be able to open their browser and have access to all of that person's intranet information. This can be bad when the intranet content and other privileges are managed through web forms.

Posted: Thu May 17, 2007 6:50 pm
by Weirdan
the users will no longer be allowed to leave their workstations without locking out
This policy must be enforced regardless of whether you use intranet or not. Heck, I lock my computer at home when I get up (and I live alone).

Posted: Thu May 17, 2007 7:10 pm
by RobertGonzalez
I agree with you weirdan. It is a good policy to enforce. I just think it needs additional attention when using automatic network credential authentication because of what the users may have automatic access to. But I totally agree with you. I lock my computer whenever I am away from it.

Posted: Fri May 18, 2007 3:22 am
by mikeeeeeeey
nice one guys, thanks for the advice.