Mozilla

I have a website that allows people to download files.

i have a set of links that goes along the lines of <a href=file://servername/folder/file.doc>title</a>
But in mozilla firefox it doesnt want to download the file.
CainedAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
seanpowellConnect With a Mentor Commented:
Just as a reference, in case this ever needs to be handled in an intranet setting:
http://www.unc.edu/ais/directories/mozilla_fix.html
0
 
sajuksCommented:
Try calling it inside a function


<a href="javascript:DownldLink()">This is the link</a>

where
function DownldLink()
{
    location=file.doc;
}
0
 
Diablo84Commented:
i dont think mozilla can handle the file protocol, it should work fine via http

<a href=http://servername/folder/file.doc>title</a>
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
Joakim_Commented:
As Diablo84 says...

And do always use http:// or ftp:// or something, never anything else.
0
 
COBOLdinosaurCommented:
Just as a note for anyone using that link.

The file: protocol is not support without config tinkering, because allowing the file: makes the browser slightly less secure.  There are exploits that can use the file: protocol to access files on the client harddrive without permission.  While I believe those are still limited to IE, there is not reason to believe that some hacker will not try to exploit the security hole presented by enabling the file: protocol

Cd&
0
 
seanpowellCommented:
So, to make sure I follow... if the admin sets the configuration to access that protocol within an intranet, there is still a security risk?
I ask because this was discussed at a recent meeting... so I'm curious as to your take on it.
0
 
COBOLdinosaurCommented:
If the users on the intranet are also accessing the internet and file: protocol is available, we have seen in IE that the normal partitioning through what IE calls zones can be traversed, and at least two exploits emerged did exactly that and that in fact is what prompted CERT to declare IE as unsafe.  

Mozilla is not immune from similar attacks, though their response has been pro-active and they close security holes before they are exploited.  AFAIK there is no current exploit that will take advantange of file: protocol being available on Mozilla, but there may be some kiddie hacker working on it.  It creates an opportunity; and it should be clear to all of us that work with the technologies of the web that every opportunity will be exploited at some point. I prefer to keep the doors locked except when I actually have to use them.

Cd&
0
 
seanpowellCommented:
Makes sense.

>>are also accessing the internet.
These machines had no outside access, so they were safe. But it's better to be proactive :-)
If the configuration does get set - well, they've been warned...
0
 
Joakim_Commented:
Think about it, Cained. People have to fix that setting before downloading your files. You must think about being user friendly. It's much smarter to use HTTP.
0
 
CainedAuthor Commented:
Yes thank but the problem is that the page is working as a frontend to a file server. They are not very keen on creating a webserver on the fileserver so I have to link it accross. It is all intranet so it should not be prone to attack from outside the company.
0
All Courses

From novice to tech pro — start learning today.