Hey,

I was wondering if a anyone knows if there is a way to limit access to files on a server. Now by this i do not mean password protection the file or denying access to it all together. What im imagining is this

i have a jar file. in the html code it launches with a command like....


<applet code="fungame.main"
archive="jars/fungame.jar"
width=600 height=500>
</applet>

Then imaging that it is embedded in an html file called fungame.html

Is there a way to restrict access to that jar file, so that it can only be spawned from within html file fungame.html? I cant seem to figure out how to do it in .htaccess and was wondering if any of you had any ideas.

Thanks

Why? :p

chmod it..

.htaccess




Options +FollowSymlinks
# no hot-linking
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?MyWesite\.com/ [NC]
RewriteRule jars/fungame.jar$ / [NC]



Basically the above code says if the referrer is not blank or your website(change it) and the file is called it will redirect them to your main page!

Guide: http://corz.org/serv/tricks/htaccess2.php

Or if it is a Linux server just use a bash terminal to chmod the file/directory or use a FTP client.

Ill try the .htaccess bit tomarrow, but i am curious about the chmod. i use ubuntu on my compuer now and the server is a debian server. What would i chmod it to??

edit: and i want to do this so people just cant rip my jars off my site

You should use 0700 for read, write, and execute access for owner but nobody else.

You should use 0700 for read, write, and execute access for owner but nobody else.

but to clarify... will that allow my web page to access the file, and load it on the clients machine as long as its called directly from within a webpage?? regardless ill try both methods tonight.

thanks

I think everyone is missing the point. A simple answer is probably no.
Since you need the file in you .html file, the browser will simply try to fetch the file. Changing permissions or anything won't help, as then the html file may not be able to get the .jar file any more. (A refer can be faked anyway)

So unless you write a very sophisticated system that only allows access if a browser or anything specifies a certain keyword that you pass in the url in your html file once, and then disallows it again, etc, this is not possible. (And it is still not possible if someone is a bit experienced, he will just as easily find your file.

The concept is simple: You want to restrict access to a file you want users to load. -> Not possible.

I think everyone is missing the point. A simple answer is probably no.
Since you need the file in you .html file, the browser will simply try to fetch the file. Changing permissions or anything won't help, as then the html file may not be able to get the .jar file any more. (A refer can be faked anyway)

So unless you write a very sophisticated system that only allows access if a browser or anything specifies a certain keyword that you pass in the url in your html file once, and then disallows it again, etc, this is not possible. (And it is still not possible if someone is a bit experienced, he will just as easily find your file.

The concept is simple: You want to restrict access to a file you want users to load. -> Not possible.

okay thats mostly what i was trying to find out, BUT i was wondering if there was a way to only allow access to the file, from another file that is pointing at it.

Like since the html file is on the server, and the request is from withing the html file, was there a way to configure .htacces to only allow access to this file, if it is requested by that file...

http://kylewollaston.com/test/
^ The bolded "wat" is located within the HTML file blah.html..

http://kylewollaston.com/test/
^ The bolded "wat" is located within the HTML file blah.html..

chmod 0700 'file-name-here'

and now i cannot access it.... did you use .htaccess for yours?

You have to edit the jar file and make it check the DocumentBase.

chmod 0700 'file-name-here'

and now i cannot access it.... did you use .htaccess for yours?
You don't access it, the server does..
The above blah.html is chmodded 0700.
I used php in the index.php to retrieve the contents of the file via file_get_contents and echo it on to the page.

You don't access it, the server does..
The above blah.html is chmodded 0700.
I used php in the index.php to retrieve the contents of the file via file_get_contents and echo it on to the page.

are you suggesting i make a file that holds the info needed for the jar file and save it, to maybe a local variable via php and pass that variable to the applet call?

*im pretty sure that makes sense, but im a bit inebriated*

I don't even know anything about Java..but if you save a file with the data you need and chmod it 0700, you can just save the contents to a variable with php and use that for whatever you need in Java.

I don't even know anything about Java..but if you save a file with the data you need and chmod it 0700, you can just save the contents to a variable with php and use that for whatever you need in Java.

People can still fake stuff for accessing that file. And even when it is loaded, it is downloaded to the hard disk as well, where they can just copy it. The concept doesn't change. It's like saying that youtube can make it impossible to download their videos.

People can still fake stuff for accessing that file. And even when it is loaded, it is downloaded to the hard disk as well, where they can just copy it. The concept doesn't change. It's like saying that youtube can make it impossible to download their videos.
Yeah, you're right. I wasn't thinking of that. This is pretty hard then I would say..perhaps impossible..?

i would imagine it was inherent that it would not be 100% possible to limit the access to the file, the point was to make it harder. At this point anyone who is mildly computer savy can just rip the file. I was trying to make it so you need to actually sift through the cache of the browser to get the file (not exactly a simple task). Making it improbable for the average/above average user to rip the file.

anywho... Ill see what i can come up with, with your idea sex. ty