Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 866
  • Last Modified:

Mozilla

I have a website that allows people to download files.

i have a set of links that goes along the lines of <a href=file://servername/folder/file.doc>title</a>
But in mozilla firefox it doesnt want to download the file.
0
Cained
Asked:
Cained
  • 3
  • 2
  • 2
  • +3
1 Solution
 
sajuksCommented:
Try calling it inside a function


<a href="javascript:DownldLink()">This is the link</a>

where
function DownldLink()
{
    location=file.doc;
}
0
 
Diablo84Commented:
i dont think mozilla can handle the file protocol, it should work fine via http

<a href=http://servername/folder/file.doc>title</a>
0
 
Joakim_Commented:
As Diablo84 says...

And do always use http:// or ftp:// or something, never anything else.
0
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

 
seanpowellCommented:
Just as a reference, in case this ever needs to be handled in an intranet setting:
http://www.unc.edu/ais/directories/mozilla_fix.html
0
 
COBOLdinosaurCommented:
Just as a note for anyone using that link.

The file: protocol is not support without config tinkering, because allowing the file: makes the browser slightly less secure.  There are exploits that can use the file: protocol to access files on the client harddrive without permission.  While I believe those are still limited to IE, there is not reason to believe that some hacker will not try to exploit the security hole presented by enabling the file: protocol

Cd&
0
 
seanpowellCommented:
So, to make sure I follow... if the admin sets the configuration to access that protocol within an intranet, there is still a security risk?
I ask because this was discussed at a recent meeting... so I'm curious as to your take on it.
0
 
COBOLdinosaurCommented:
If the users on the intranet are also accessing the internet and file: protocol is available, we have seen in IE that the normal partitioning through what IE calls zones can be traversed, and at least two exploits emerged did exactly that and that in fact is what prompted CERT to declare IE as unsafe.  

Mozilla is not immune from similar attacks, though their response has been pro-active and they close security holes before they are exploited.  AFAIK there is no current exploit that will take advantange of file: protocol being available on Mozilla, but there may be some kiddie hacker working on it.  It creates an opportunity; and it should be clear to all of us that work with the technologies of the web that every opportunity will be exploited at some point. I prefer to keep the doors locked except when I actually have to use them.

Cd&
0
 
seanpowellCommented:
Makes sense.

>>are also accessing the internet.
These machines had no outside access, so they were safe. But it's better to be proactive :-)
If the configuration does get set - well, they've been warned...
0
 
Joakim_Commented:
Think about it, Cained. People have to fix that setting before downloading your files. You must think about being user friendly. It's much smarter to use HTTP.
0
 
CainedAuthor Commented:
Yes thank but the problem is that the page is working as a frontend to a file server. They are not very keen on creating a webserver on the fileserver so I have to link it accross. It is all intranet so it should not be prone to attack from outside the company.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

  • 3
  • 2
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now