Solved

Mozilla

Posted on 2004-08-09
10
837 Views
Last Modified: 2008-03-03
I have a website that allows people to download files.

i have a set of links that goes along the lines of <a href=file://servername/folder/file.doc>title</a>
But in mozilla firefox it doesnt want to download the file.
0
Comment
Question by:Cained
  • 3
  • 2
  • 2
  • +3
10 Comments
 
LVL 33

Expert Comment

by:sajuks
ID: 11751079
Try calling it inside a function


<a href="javascript:DownldLink()">This is the link</a>

where
function DownldLink()
{
    location=file.doc;
}
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11751398
i dont think mozilla can handle the file protocol, it should work fine via http

<a href=http://servername/folder/file.doc>title</a>
0
 
LVL 2

Expert Comment

by:Joakim_
ID: 11751693
As Diablo84 says...

And do always use http:// or ftp:// or something, never anything else.
0
 
LVL 31

Accepted Solution

by:
seanpowell earned 50 total points
ID: 11753043
Just as a reference, in case this ever needs to be handled in an intranet setting:
http://www.unc.edu/ais/directories/mozilla_fix.html
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 11758020
Just as a note for anyone using that link.

The file: protocol is not support without config tinkering, because allowing the file: makes the browser slightly less secure.  There are exploits that can use the file: protocol to access files on the client harddrive without permission.  While I believe those are still limited to IE, there is not reason to believe that some hacker will not try to exploit the security hole presented by enabling the file: protocol

Cd&
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 31

Expert Comment

by:seanpowell
ID: 11758280
So, to make sure I follow... if the admin sets the configuration to access that protocol within an intranet, there is still a security risk?
I ask because this was discussed at a recent meeting... so I'm curious as to your take on it.
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 11758791
If the users on the intranet are also accessing the internet and file: protocol is available, we have seen in IE that the normal partitioning through what IE calls zones can be traversed, and at least two exploits emerged did exactly that and that in fact is what prompted CERT to declare IE as unsafe.  

Mozilla is not immune from similar attacks, though their response has been pro-active and they close security holes before they are exploited.  AFAIK there is no current exploit that will take advantange of file: protocol being available on Mozilla, but there may be some kiddie hacker working on it.  It creates an opportunity; and it should be clear to all of us that work with the technologies of the web that every opportunity will be exploited at some point. I prefer to keep the doors locked except when I actually have to use them.

Cd&
0
 
LVL 31

Expert Comment

by:seanpowell
ID: 11759168
Makes sense.

>>are also accessing the internet.
These machines had no outside access, so they were safe. But it's better to be proactive :-)
If the configuration does get set - well, they've been warned...
0
 
LVL 2

Expert Comment

by:Joakim_
ID: 11771123
Think about it, Cained. People have to fix that setting before downloading your files. You must think about being user friendly. It's much smarter to use HTTP.
0
 

Author Comment

by:Cained
ID: 11771165
Yes thank but the problem is that the page is working as a frontend to a file server. They are not very keen on creating a webserver on the fileserver so I have to link it accross. It is all intranet so it should not be prone to attack from outside the company.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
In this tutorial viewers will learn how to code links for mobile sites that, once clicked, send a call or text to a specified number. For a telephone link (once clicked, calls a number), begin with a normal "<a href=" link tag. For the href, specify…
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now