[jcifs] Right click bypasses security and downloads file

Bruce Altner baltner at hq.nasa.gov
Fri May 10 08:06:08 EST 2002


I have a newly discovered problem with my file download page. My 
application spawns several windows after the user logs in and one of these 
is a list of files (SmbFile)  that the user may download from the NT server 
by clicking on the file name. Unfortunately, what I discovered was that  if 
the user logs out in a different window this doesn't close the fileList 
window (we can't use Javascript...it's a requirement) so it stays open and 
the user (or anyone else) could still download files.

To fix this I put a conditional in my download class which tests whether or 
not the user is still logged in. If not, it throws the user back to the 
login page. Great. I thought I was done. HOWEVER, this fix fails when the 
user right clicks on the file. Apparently this bypasses all of the code 
that does the downloading (e.g. SmbFileInputStream), as seen by inserting 
System.out.println statements  which are not executed. So if this is being 
skipped, how is it that the files are still downloading? This happens in 
both IE and Netscape.

How is this happening? Any clues?


-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list