Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number

Re: Getting CGI to name a file it returns

by cLive ;-) (Prior)
on Jul 17, 2001 at 11:59 UTC ( #97265=note: print w/replies, xml ) Need Help??

in reply to Getting CGI to name a file it returns

This may be too obvious, but why not output/copy the file to a randomly created temp dir in your web site and then print a Location header that points to it? Using CGI:
print CGI::redirect('http;//my.url.of.temp.file');
If MIME type is unknown, browser will then ask you to save, using same filename.

Or am I missing something?

cLive ;-)

Replies are listed 'Best First'.
Re: Re: Getting CGI to name a file it returns
by trantor (Chaplain) on Jul 17, 2001 at 20:28 UTC

    First you have to actually create a file under your server's DocumentRoot, which could not be as obvisous as it seems if you don't have the permissions.

    Second, the file is potentially visible by other users too, and you must remember to erase it. Otherwise the filesystem will fill up and the file would be at other client's perusal.

    Third, you must carefully choose how to create the temp dir, or the same problems/race conditions associate to temp files would potentially show up.

    Fourth, MIME headers are so cool in this context :-)

    Nonetheless your solution is probably the quickest, but a security-proof implementation can be more painful than it seems. <SIGNATURE>-- TIMTOWTDI</SIGNATURE>

      Apologies, I left out full details, but assumed from mentioning 'temp dir' that that was implied.

      1) if you chmod the temp dir 777, that's not a major issue(if you have no control over server) - security, see below

      2) that was why I mentioned temp - sorry, implied, but not stated

      3) just run a clean up on if every now and then to remove files older than x minutes... (also removes any files that can be theoretically placed there by other users)

      Funnily enough, I have to do this myself now, and I'm using a session cookie and piping the file from above the web root. But that seemed quickest at the time. So I'll be trying the QS version out...

      TIMTODI ;)

      cLive ;-)

        I don't really see where this is a better solution than what's been suggested. There's a lot of overhead involved in copying, not to mention the fact that you'll need extra code to clean whatever directory you're temporarily storing the files in. If the files are left in temp for any length of time, then you're running the risk of unauthorized users being able to acces the file.

        In the situation I have at work, we have to verify that users are allowed to access files. We went through several ideas before settling on a CGI that takes advantage of Content-Disposition.
        1. Idea #1 - Put the file storage into web space.
          • Requires some nasty messing with .htaccess files and the such.
          • Inherent security issues of putting things in web space that don't belong there.
        2. Idea #2 - Copy each file into a temp area as it's requested and create a link on the fly.
          • Aforementioned security issues
          • Our files are large. The I/O overhead of copying multi-megabyte files all over the file system wasn't very attractive.
          • Collision. We have files with the same name spread out over different projects. Sure, we could add numbers and such to the copied file name, but our users have told us that's not a good solution.
        3. Idea #3 - Use a CGI process to access files in the filesystem and send them directly to the browser.
          • Quick, painless, and practically void of the problems mentioned above.

        Negaterd character class uber alles!

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://97265]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (3)
As of 2022-05-28 01:10 GMT
Find Nodes?
    Voting Booth?
    Do you prefer to work remotely?

    Results (98 votes). Check out past polls.