Solved

Mozilla

Posted on 2004-08-09
10
836 Views
Last Modified: 2008-03-03
I have a website that allows people to download files.

i have a set of links that goes along the lines of <a href=file://servername/folder/file.doc>title</a>
But in mozilla firefox it doesnt want to download the file.
0
Comment
Question by:Cained
  • 3
  • 2
  • 2
  • +3
10 Comments
 
LVL 33

Expert Comment

by:sajuks
Comment Utility
Try calling it inside a function


<a href="javascript:DownldLink()">This is the link</a>

where
function DownldLink()
{
    location=file.doc;
}
0
 
LVL 27

Expert Comment

by:Diablo84
Comment Utility
i dont think mozilla can handle the file protocol, it should work fine via http

<a href=http://servername/folder/file.doc>title</a>
0
 
LVL 2

Expert Comment

by:Joakim_
Comment Utility
As Diablo84 says...

And do always use http:// or ftp:// or something, never anything else.
0
 
LVL 31

Accepted Solution

by:
seanpowell earned 50 total points
Comment Utility
Just as a reference, in case this ever needs to be handled in an intranet setting:
http://www.unc.edu/ais/directories/mozilla_fix.html
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
Comment Utility
Just as a note for anyone using that link.

The file: protocol is not support without config tinkering, because allowing the file: makes the browser slightly less secure.  There are exploits that can use the file: protocol to access files on the client harddrive without permission.  While I believe those are still limited to IE, there is not reason to believe that some hacker will not try to exploit the security hole presented by enabling the file: protocol

Cd&
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 31

Expert Comment

by:seanpowell
Comment Utility
So, to make sure I follow... if the admin sets the configuration to access that protocol within an intranet, there is still a security risk?
I ask because this was discussed at a recent meeting... so I'm curious as to your take on it.
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
Comment Utility
If the users on the intranet are also accessing the internet and file: protocol is available, we have seen in IE that the normal partitioning through what IE calls zones can be traversed, and at least two exploits emerged did exactly that and that in fact is what prompted CERT to declare IE as unsafe.  

Mozilla is not immune from similar attacks, though their response has been pro-active and they close security holes before they are exploited.  AFAIK there is no current exploit that will take advantange of file: protocol being available on Mozilla, but there may be some kiddie hacker working on it.  It creates an opportunity; and it should be clear to all of us that work with the technologies of the web that every opportunity will be exploited at some point. I prefer to keep the doors locked except when I actually have to use them.

Cd&
0
 
LVL 31

Expert Comment

by:seanpowell
Comment Utility
Makes sense.

>>are also accessing the internet.
These machines had no outside access, so they were safe. But it's better to be proactive :-)
If the configuration does get set - well, they've been warned...
0
 
LVL 2

Expert Comment

by:Joakim_
Comment Utility
Think about it, Cained. People have to fix that setting before downloading your files. You must think about being user friendly. It's much smarter to use HTTP.
0
 

Author Comment

by:Cained
Comment Utility
Yes thank but the problem is that the page is working as a frontend to a file server. They are not very keen on creating a webserver on the fileserver so I have to link it accross. It is all intranet so it should not be prone to attack from outside the company.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Do you want to insert HTML5 video into your site? This is the tutorial how to do so. What are the main advantages of HTML5 video? 1) Have good compression, good image quality, and low decode processor use. 2) It is royalty-free 3) It is easi…
Use these top 10 tips to master the art of email signature design. Create an email signature design that will easily wow recipients, promote your brand and highlight your professionalism.
In this tutorial viewers will learn how to position items using CSS's three positioning types Create a new HTML document with an internal stylesheet.: Create another div in CSS and name it Absolute : Type "position:absolute;" and "top:10px; left:50p…
In this tutorial viewers will learn how to embed Flash content in a webpage using HTML5. Ensure your DOCTYPE declaration is set to HTML5: "<!DOCTYPE html>": Use the <object> tag to embed Flash content.: To specify that the object is Flash content, d…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now