Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
Improve this question
I would like to ask you if it is possible such a thing...
I have the link of some pdf document (for example) www.website.com/folder/document.pdf
When I cut the previous link to www.website.com/folder/ it should show me the folder which must contain a document.pdf, but it doesn't show me anything.
Is it possible for me to see all the documents in that directory www.website.com/folder/ although this is hidden?
A web server can manage resources any way it sees fit, and www.website.com/folder/ is not necessarily a directory on the web server's machine. It's part of the Uniform Resource Locator http://www.website.com/folder/document.pdf and need not be a valid resource locator itself. For example, a web server could store all documents in a DB, and match the path to a particular table.
Even if your assumptions, that parts of a resource locator refer to directories on a web server were true, a web server can still (and usually does) deny clients to list directory entries.
If you don't control the web server, then your goal is not generally possible.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I'm writing a web service which is a sort of HTTP proxy: it takes an arbitrary URL from the user, loads some data from that URL and shows it to the user. Also I have some web services in my local network which I don't want to be viewed outside. The issue is that the user may input something like http://my-service.com?url=http://127.0.0.1:9292 and access the local services. How can I prevent that (in the most general and portable way)?
Put the service in a DMZ so you can control what it is able to access at all: https://en.wikipedia.org/wiki/DMZ_(computing)
Also resolve the domain names to IPs - and blacklist all internal subnets in addition to the physical separation
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 13 hours ago.
Improve this question
Despite many attempts, I can't seem to make any adobe EdgeAnimate composition work on Amazon S3. I appreciate a website hosted on S3 must be static, but looking through the code exported by EdgeAnimate, no sever side aid is needed. It's just HTML, JS, CSS files, all of which I use in websites that work without problems on S3.
All files are of course publicly accessible and the bucket is configured as a website.
Perhaps a CORRS config or an included XML file may fix it, but I've no experience with either (same goes for PHP, SQL etc..hence the need to run off S3).
I've posed the same question on AWS and Adobe forums, to no avail, so here goes a final attempt. Any suggestions will be gratefully received.
Thanks in advance.
Forum Links -
Amazon - https://forums.aws.amazon.com/thread.jspa?threadID=143338
Adobe - http://forums.adobe.com/thread/1373062
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 11 months ago.
Improve this question
I wish to write a web service server (using http protocol) in OCaml.
For a simple example, I want to write a http server. User can access it and provide parameter like http://myservice.com?i=1&j=2. Then my server get the request and parameters and calculate i+j and return the result.
Of course, my service will be more complicated for the calculation part. Instead of this simple example of calculation, what I really need to do is to
access the database (MongoDB) to get some data
access another 3rd party web service to get more data
calculate all data to get a result and return to the user.
So, I also need to consider parallelism / multi-threading, although I want to start with simple case first.
My questions are:
Which library should I use to first set up such a http server? I have looked into Ocamlnet 3 and think it might be a good candidate, but it lacks good tutorial and I still don't know how to use nethttpd or netplex etc.
How should I design the architecture of my web application? I know OCaml is not good at parallelism, then how can I make each service instance not blocking?
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
I am looking to build a webapp to improve user experience in booking railway tickets in India. The API is impossible to get due to hefty charge to procure it. I have seen many apps that provide details of the trains etc through their apps.
My Question is how are they scraping data from the website.In general how can I legally get data shown to user (I don't want payment and stuff that are impossible without API) on any website. How do people scrape such data? Any tools/methods?
Bear with me if question is naive. I'm pretty new to this stuff.
They can get the train schedule information using any one of several programming languages though it is most likely done with ordinary PHP and any good webserver host. For example all indian train schedules can be found on the indianrail.gov website.
Sending a specially built URL to ..
http://www.indianrail.gov.in/cgi_bin/inet_trnnum_cgi.cgi?lccp_trnname=1123
using the POST method of sending form data should give you all the details for train number 1123 After that it becomes just a simple task of tidying up the results for storage in a database.
Update: well armoured site its checking both the user agent and referer of inbound requests.
Ammendum: the indianrail.gov site is changing to http://www.trainenquiry.com/ -> will have to take another look
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
I'm currently in the decision of under what license I should release a .NET client software that accesses our web service. The best way to describe my situation would be like Dropbox, as they have a client software that simply allows users to access their web service.
I'm not sure whether the best decision is to go open source on this to promote growth, support, etc or to keep the source closed with some to help reduce the number of non-official clients running specifically meant to misuse / abuse the webservice backend.
(If it helps any the client software will be computing and sending data to a backend, so tampering of the submitted data would be best kept at a minimum.)
Pros, cons, and suggestions are welcome
Isn't there a way to work with sessions in a webservice? If you could implement that, you could make the users of the client login first to your webservice (via the client application), and then only make the functionalities available after a successful login. That way, should you decide to release an open source version, you will greatly reduce the risk of rogue clients already.
As for the decision whether to go open source or not, that's entirely up to you, but I don't think the choice should affect security.