Quote:
|
Originally Posted by Eric the Red
Note: I'm really bad at this website stuff. But I know this much. I update my website through FTP using "FileZilla", where I can add a .html file to my folder online. However, is it possible for a java applet/ application to be able to connect to this website and update it?
I'm a complete noob at this website stuff, so any help would be greatly appreciated. Just put it this way, before today I didn't even know how upload to my website.
|
Just a note: if you're using Windows, you generally don't need a third-party FTP client. In Win2000/XP, at least, using 'My Network Places' allows you to set up shortcuts. Of course, if you want to do more sophisticated operations than copying files to/from your webspace, a third-party client might be worthwhile.
That said, you have three options. If you've got web hosting as part of the package from your ISP (comes with many, if not all, broadband accounts), you will likely not have any server-side scripting ability. In this case, you will need to upload the data through the prescribed method, which is FTP for you (some allow HTTP PUT operations). If you want to do this from code, you will need to negotiate the connection, submit your username and password, read the contents of the file, modify it, and then send the new contents. This means your username/password will be available to anyone who decompiles your Java .class file(s) where this information is stored, or perhaps even any script kiddie with a hex editor. In other words, this is not a secure option, at least not if you want to distribute the code to anyone you trust.
The second option is only available if you have some kind of server-side scripting support on your site, which will most likely be the case for bona-fide web hosting, but not for most ISP bundled-with-account webspace. Using this technique, you can have the program submit the data in the same way a browser submits form data to the server: through the URL (the 'GET' method), or through the HTTP header (the 'POST' method). If your site supports ASP, ASP.NET, JSP, and/or CGI, you can use this method. Once you submit the data to your site, the server runs the appropriate script to process the data, and then sticks it in a file or updates a database that resides on the server (most web hosting that allows server-side scripting also provides some database functionality such as MySQL). The only potential problem with this method is that it is possible for an attacker to submit bogus data through the browser (if the data is passed in the URL) or by passing a bogus header (which can be done by various means, like TELNET). One way to discourage this might be to scramble the data in some way, and add additional data that would act as a verification, in a similar way to a checksum or hash. That way, the attacker could only re-submit the same result (and if the server-side script scanned for duplicate entries, it could reject it), but making up new results would be quite difficult.
The third possibility is a mix between the two. Find someone with 'real' web hosting, and have your program submit the results there. You could still link from your site, and the remote script could generate actual HTML output to add content to your site (a table of high scores, for example).