NetTalk Central

Author Topic: webservices : file upload and download though methods  (Read 3650 times)

AtoB

  • Jr. Member
  • **
  • Posts: 74
    • View Profile
    • Email
webservices : file upload and download though methods
« on: December 01, 2016, 12:59:37 PM »
Hi All,

I need to features added to my webservices:

1 a method to upload files:
client can send in files, currently one at a time (per request), I validate some key. and place this file in a folder on the server (I don't care where it as long as serving the file is possible via method two)

2 a method to download the most recent uploaded file (via method 1)
From all files updloaded (by method 1) I want the most recent one to be served to the client. So Client simply call GET wsGlobal\MostRecentFile and my application serves this (

File uploading/downloading is only allowed via these methods (client has to provide an api-key, that's the easy part ...), the uploading is not a problem either, I got that covered. But I'm not sure where to store the files (inside the web folder or not) and how to serve (not determine which file it is ...)  a file via a webservice method, without introducing security risks.

- should I store these files inside the "\web" folder? Best not to I guess, because I can't protect folders in there. If someone guesses the foldername and filename they can fetch it with a browser (and without an api-key), right?

- how can I return a file (just as if it was fetched like any other file directly from the \web folder "below" the app) to a http(s) client via a service method. Is this what the "stringtheory" return parameter is used for? Should I "encode" this object first before it is return to the client?

Thanks in advance,
regards,
Ton

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11250
    • View Profile
Re: webservices : file upload and download though methods
« Reply #1 on: December 12, 2016, 02:32:51 AM »
Hi Ton,

>> But I'm not sure where to store the files (inside the web folder or not)

if the file is only accessible via the API then I would store it outside the web folder.

>> and how to serve a file via a webservice method

I would set the method to return a StringTheory object, then load the file into that and base64 encode it before returning it.

>>  without introducing security risks.

clearly if the file you receive is malware then the file you'll send back will contain the malware.
So, not sure what risks you are trying to minimize...

cheers
Bruce