下载文件保存到磁盘时的浏览器事件 [英] Browser event when downloaded file is saved to disk
问题描述
我有敏感文件下载给用户,每个用户只允许下载一个给定的文件一次。如果下载失败,我想允许重新下载,但不允许重新下载。
I have sensitive files to download to users, and each user is permitted to download a given file exactly once. If the download fails, I want to permit the re-download, but not otherwise.
依靠日志/处理文件下载请求在服务器上 - 我需要确定性地确定文件何时完成并在客户端就位,因为我的许多用户在频繁连通性下降的环境中工作。
It's not sufficient to rely on logging/processing the file download request at the server - I need to know deterministically when the file is complete and in place at the client, since many of my users work in an environment with frequent connectivity drops.
最直接的方法是,如果浏览器从另存为...对话框中显示一个文件保存事件,可以将其连接到下载页面上的JavaScript函数(可以发布回到服务器)。但是,直觉表明,如果浏览器暴露了这个功能,那么它可能会有安全漏洞,因为它在沙箱之外偷偷摸摸。我不知道这是甚么可能的。
The most straightforward way for this to work would be if the browser exposed a "file saved" event from the Save As... dialog that could be wired to a JavaScript function on the download page (which could post back to the server). But, intuition suggests there might be security holes if browsers exposed this functionality, as it sneaks somewhat outside the sandbox. I'm not sure this is even possible.
我 found 几个 其他 问题 在这个区域,但没有任何关于这个问题具体。
I found several other questions in this area, but nothing about this problem specifically.
任何想法?
编辑:我不应该在原始问题中使用security一词,不幸的是触发了红色的鲱鱼。
I should not have used the word "security" in the original question, sorry for triggering the red herrings.
编辑2:我的安全措词被误导为脱离技术安全问题,但你们都确认了我的怀疑不,没有浏览器支持。我的第一个评论者是第一个评论者,因为他的第一句话是我正在寻找的。感谢所有。
Edit 2: My "security" phrasing misled folks into offtopic technical security issues, but both of you confirmed my suspicion that "no, there's no browser support for that." I'm marking the first commenter with the answer since his first sentence had what I was looking for. Thanks all.
推荐答案
JavaScript中没有这样的浏览器事件,即使你不能相信用户的浏览器提供安全对于您而言。
There's no such browser event in JavaScript and even if there was you can not trust the user's browser to provide security for you.
您最好使用GUID为每次下载生成唯一的网址。您可以这样做:
You're better off using a GUID to generate a unique URL for each download. You can then for example:
- 让网址只在特定时间段内有效
- 允许仅从与唯一网址相关联的特定IP地址进行传输
- 让您的服务器端代码检测到唯一网址的内容何时已完全传输,然后使URL无效。 li>
- let the URL be valid only for a specific time period
- allow transfers only from a specific IP address associated with the unique URL
- let your server-side code detect when the content for a unique URL has been fully transferred and then invalidate the URL.
让我澄清最后一个项目符号。假设你正在使用Java - 你将在$ code> in.read(buffer)和 out.write(buffer)循环直到EOF。如果客户端断开连接,您将在 out.write()中收到 IOException ,并能够成功下载从中断的一个。在其他平台上,我确定有办法判断连接是否丢失。
Let me clarify the last bullet. Say you're using Java - you will in.read(buffer) and out.write(buffer) in a loop until EOF. If the client disconnects you will receive an IOException during out.write() and will be able to tell a successful download from an interrupted one. On other platforms, I'm sure there are ways to tell whether the connection was lost or not.
编辑:浏览器事件使用其中一个您链接的问题。然而,这不是限制下载次数的可靠解决方案。
You could actually fire a browser event using the trick outlined in the accepted answer of one of the questions you linked to. That would however not be a reliable solution to limit the number of downloads.
这篇关于下载文件保存到磁盘时的浏览器事件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
