I would like to open PDF file inside my Django application, something like
file:///...
I know that a lot of posts state that this should not be done because security reason, and that google block this calls with error. link.
But, I know that:
I saw this behaviour so, I know it can be done somehow
I don't have security risk, because application is internal, not connected to the internet (available over lan)
Protocol file:/// wouldn't exist if there wouldn't be a way to use it.
I also read somewhere that you need to put file in 'public' if you would like to access it via this method. Do anyone know how to do this?
file:// is only available for browsers, not servers.
If you want your Django application to access local files, you need to upload them to the Django application server (at which point they're not really local).
(If the application server is running on the same machine as the client, naturally you can use Python's usual file functions to read the local file system.)
JavaScript can also access local files and process them in-browser as long as they're manually selected by the user.
Related
I've created a web application that runs a web service (WCF). The source code is long gone but I just checked that the app itself is still up and running. Given that I have the address to the service (something.azurewebsites.com) and the name of one of the methods exposed (parameterless Ping), how can I learn the location of the WSDL file?
As far I recall, I've exposed it the most common way, the publish file fetched from the suggestion on Azure portal. I'd like to just call the method Ping to verify something, so rebuilding a whole new service seems a bit overkill.
Suggestions on what the exact URL might be? Alternatively, suggestions on a tool to sniff that up?
Go to the Azure portal and find the FTP address for your "something.azurewebsite.net". Then use an FTP program to connect to the server and browse the files. This way you might be able to find the ".svc" file. For that matter, you might be able to download all of your code and use a tool like Reflector to view the .Net compiled code.
I'm developing a Windows intranet application in C++ which needs to download a settings file from a predefined URL hosted on a webserver on the intranet.
This file would be updated every few weeks and I need to get it only if it has changed.
To avoid unnecessary downloads I wanted to know if there is a standard HTTP method to only request the hash of the file to the webserver to prevent a full download if the file has not changed.
I'm still in the design phase and the idea would be to use CURL library on the client to download the file and Apache as a webserver, but I'm also open to other solutions.
I have a few views I want to expose to apps internal to the server cluster. How can I do this securely?
The apps that want to access these restricted views are also using python, so if I can arguably bypass the HTTP tunneling and call directly to them, that's even better. I think these would be better suited as commands if that's the case, but how can another process invoke a Django environment's commands?
Once you load the project's settings you can act as the project itself.
It sounds like you basically want to extract some data from your Django site and use it elsewhere. Perhaps a couple of management commands that periodically output their data in some directory which you can then read from the other python apps? Depends on your data needs whether that's an option.
I'm doing this suggestion as those other apps seem to be on the same server (how could you otherwise run your site's python code from those apps?).
I want my customers to upload some file to my server. My current design is as below:
I make a folder on my server with R/W permission to Anonymous user like this: http://myserver/uploads
Customer contact my web service to indicate they want to upload something, and the webservice returned a path like this: http://myserver/uploads/xxx-xxx-xxx-xxx, the xxx part is a GUID.
But I don't know what to do next? I believe customer has the permission to write to the virtual path returned by the web service, but how could I write my client-side code so that it can actually copy things to that virtual path? My client-side is a Win32 application, not a web page.
What if I want the customer upload files within a web page, how to do that? I know that there's a "PUT" method in HTTP protocol that could be used to upload things to server, but how to use that?
I am new to this kind of web development. I hope I made myself clear. If there's any better design, please let me know.
Many many thanks.
Update - 1 - 0:59 2010/12/27
A similar question: How to upload a file to a WCF Service?
Some possible solutions:
Image Upload Web Service in C#.NET
Upload any type of File through a C# Web Service
Progress Indication while Uploading/Downloading Files using WCF
I would avoid allowing anyone to write files to a directory. I know you have set up permissions to help guard against anything bad happening, but it is still setup to where anyone can read/write to it, not just to person you've told the URL to. Security through obscurity is not a best practice.
What kind of webservice are you using? WCF, SOAP, something else all together? I would have the file upload still be a service call (not just some PUT command to a directory). That way you can still apply security if needed. When you get right down to it, a file is nothing more than an array of bytes, so you can have your web service accept an array of bytes and write it out to the correct location. If I had a better idea of what technologies you are using (php, asp.net, jsp, etc) Then I might be able to make more precise recommendations.
HTH
You can use SOAP attachments, or if not using SOAP, something similar - specifying filename, content type and binary data, Base64-encoded.
I am trying to create simple flex application, which uses django as a back-end part. Have a question:
Usually when I run my application Flex Builder creates a file in a directory on my local PC and then opens a browser and points to it. Everything was fine, but when I decided to link django server to flex applications via xml data providers I started to get security errors. (Related to absence of crossdomain.xml). When I created the file and put it on the server:
<?xml version="1.0"?>
<!-- http://www.foo.com/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="http://127.0.0.1:8000"/>
<allow-access-from domain="127.0.0.1"/>
</cross-domain-policy>
Then tried the application again, I got error in console of my FB Error: Request for resource at http://127.0.0.1:8000/go/active/ by requestor from file:///Users/oleg/Documents/FB3/usersList/bin-debug/usersList.swf is denied due to lack of policy file permissions.
I don't know how to fix the error. But also the question is there a way to configure FB3 to put my swf files to the server directly, so I will not need any crossdomain?
Thanks
Oleg
We struggled with this a lot. The Flex security stuff didn't strike me as well built, but perhaps we just had different approaches in mind than Adobe's developers. The solution that worked for us was to serve both the SWF and the dynamic data from the same host and port.
On our development boxes, we tell Apache to serve the SWF from a directory in the workspace, and the dynamic data from a local copy of the app. When we push to production, SWF and app get pushed simultaneously to the same virtual host.
If that's inconvenient for you, the Apache ProxyPass directive can be used to make Apache front for other servers. I've not used that in production, but it's been very handy for developer setups.
I don't know a way to get FlexBuilder to automatically deploy your changed SWF; you could certainly look into an automation approach (like Maven and Flex-Mojos) to make that happen.
That said, getting rid of that error is usually just a matter of adding a policy file to the server.
The second error is caused because you're trying to fetch http resources from a "file" location. My recommendation is that you change your Flex Builder project so it outputs to a location within the Django web site, rather than to the flex-bin directory. This setting can be changed in the properties dialog of the project. Then, you should be able to have your front-end and back-end share the same protocol and domain.