Solved

Mozilla

Posted on 2004-08-09
10
848 Views
Last Modified: 2008-03-03
I have a website that allows people to download files.

i have a set of links that goes along the lines of <a href=file://servername/folder/file.doc>title</a>
But in mozilla firefox it doesnt want to download the file.
0
Comment
Question by:Cained
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +3
10 Comments
 
LVL 33

Expert Comment

by:sajuks
ID: 11751079
Try calling it inside a function


<a href="javascript:DownldLink()">This is the link</a>

where
function DownldLink()
{
    location=file.doc;
}
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11751398
i dont think mozilla can handle the file protocol, it should work fine via http

<a href=http://servername/folder/file.doc>title</a>
0
 
LVL 2

Expert Comment

by:Joakim_
ID: 11751693
As Diablo84 says...

And do always use http:// or ftp:// or something, never anything else.
0
[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

 
LVL 31

Accepted Solution

by:
seanpowell earned 50 total points
ID: 11753043
Just as a reference, in case this ever needs to be handled in an intranet setting:
http://www.unc.edu/ais/directories/mozilla_fix.html
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 11758020
Just as a note for anyone using that link.

The file: protocol is not support without config tinkering, because allowing the file: makes the browser slightly less secure.  There are exploits that can use the file: protocol to access files on the client harddrive without permission.  While I believe those are still limited to IE, there is not reason to believe that some hacker will not try to exploit the security hole presented by enabling the file: protocol

Cd&
0
 
LVL 31

Expert Comment

by:seanpowell
ID: 11758280
So, to make sure I follow... if the admin sets the configuration to access that protocol within an intranet, there is still a security risk?
I ask because this was discussed at a recent meeting... so I'm curious as to your take on it.
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 11758791
If the users on the intranet are also accessing the internet and file: protocol is available, we have seen in IE that the normal partitioning through what IE calls zones can be traversed, and at least two exploits emerged did exactly that and that in fact is what prompted CERT to declare IE as unsafe.  

Mozilla is not immune from similar attacks, though their response has been pro-active and they close security holes before they are exploited.  AFAIK there is no current exploit that will take advantange of file: protocol being available on Mozilla, but there may be some kiddie hacker working on it.  It creates an opportunity; and it should be clear to all of us that work with the technologies of the web that every opportunity will be exploited at some point. I prefer to keep the doors locked except when I actually have to use them.

Cd&
0
 
LVL 31

Expert Comment

by:seanpowell
ID: 11759168
Makes sense.

>>are also accessing the internet.
These machines had no outside access, so they were safe. But it's better to be proactive :-)
If the configuration does get set - well, they've been warned...
0
 
LVL 2

Expert Comment

by:Joakim_
ID: 11771123
Think about it, Cained. People have to fix that setting before downloading your files. You must think about being user friendly. It's much smarter to use HTTP.
0
 

Author Comment

by:Cained
ID: 11771165
Yes thank but the problem is that the page is working as a frontend to a file server. They are not very keen on creating a webserver on the fileserver so I have to link it accross. It is all intranet so it should not be prone to attack from outside the company.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you tried to learn about Unicode, UTF-8, and multibyte text encoding and all the articles are just too "academic" or too technical? This article aims to make the whole topic easy for just about anyone to understand.
This article demonstrates how to create a simple responsive confirmation dialog with Ok and Cancel buttons using HTML, CSS, jQuery and Promises
In this tutorial viewers will learn how to style elements, such a divs, with a "drop shadow" effect using the CSS box-shadow property Start with a normal styled element, such as a div.: In the element's style, type the box shadow property: "box-shad…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question