This question already has answers here:
How to create my own file extension like .odt or .doc? [closed]
(3 answers)
Closed 8 years ago.
I'm on my way in developing a desktop application using netbeans(Java Dextop Application) and I need to implement my own file format which is specific to that application only. I'm quite uncertain as to how should I go about first.What code should I use so that my java application read that file and open it in a way as I want it to be.
If it's character data, use Reader/Writer. If it's binary data, use InputStream/OutputStream. That's it. They are available in several flavors, like BufferdReader which eases reading a text file line by line and so on.
They're part of the Java IO API. Start learning it here: Java IO tutorial.
By the way, Java at its own really doesn't care about the file extension or format. It's the code logic which you need to write to handle each character or byte of the file according to some file format specification (which you in turn have to writeup first if you'd like to invent one yourself).
I am not sure this directly addresses your question, but since you mentioned a custom file format, it is worth noting that applications launched using Java Web Start can declare a file association. If the user double clicks one of those file types, the file name will be passed to the main(String[]) of the app.
This ability is used in the File Service demo. of the JNLP API - available at my site.
As to the exact format of the file & the best ways to load and save it, there are a large number of possibilities that can be narrowed down with more details of the information it contains.
Choosing a new/existing file extension does not affect your application (or in any case anyone's). It is upto the programmer what files he wants his app to read.
For example, you may consider you can't read a pdf or doc directly as a text file....but that is not because they are written/ stored differently, but because they have headers or characters which your app does not understand. So we might use a plugin or extension which understands those added headers ( or rather the grammar of the pdf /doc file) removes them & lets our app know what text (or anything else) it contains.
So if you wish to incorporate your own extension, & specifically want no other application to be able to read it, just write the text in a way that only your program is able to understand. Though writing a file in binary pretty much ensures that your file is not read directly just by user opening a file, but it is however still possible to read from it, if it is merely collection of raw characters.
If you ask code for hiding a data, I'd say there are plenty of algorithms you might use, which usually get tagged as encryptions cause you are basically trying to lock/hide your stuff. So if you do not really care for the big hulla-bulla, simply trying to keep a file from being directly read & successful attempts to read the file does not cause any harm to your application, write it in binary.
Related
I've been trying to do this in a liferay module project. By making an input type=file in my view.jsp and saving it in a java File variable but i can't get it to work. Is this possible? and if yes, how?
So far i've looked for a paramutil method that i can use but there don't seem to be any. And i've tried to use request.getParameter but this doesn't allow for the type File to be used. After that I tried to create a upload request and fill it with the data from the form. But this also didn't work for me.
I wanted to make a form in my jsp file and let people upload a file via the input and let my java code run on submit to add the file to the documentlibrary.
A java File (as in java.io.File) is an abstraction for a pointer to something sitting on your file system. When you upload data in a portlet or any other means in a web application, you're first dealing with a stream of data that usually has no representation on the hard drive (unless you explicitly store it there). Thus, ParamUtil will not reveal anything of type File, because that's - by definition - not part of a http request.
There is a lot of upload sample code, that you might need to adapt to the version you're running (for example this) - but you'll first need to understand that you're not looking for any representation of data on your hard drive.
Hey Everyone I am using angular 5 and Java 8 for my application. While uploading a file fro front end i want to restrict malicious or junk file upload into my database using Java. Please help me with.
Short of not accepting uploaded files, there is no sure way of doing this.
OK, now having said that, :), sure it is practically needed to accept uploaded files. In this case, 2 primary things that need to be focused on:
Keep the server safe from compromise
Keep the user using the application safe from compromise
To keep the server insulated from compromise, as far as possible (through design) don't accept file uploads that will be internally used by the server e.g. data in CSV format, XML configurations .... instead try to provide an UI to take the data (of course CSV data cannot be taken from UI)
If you have to take uploaded files and do not need to use it on server, Base64 (or other encoding) and keep it on;y to decode and serve up. This ofcourse does not prevent the user from getting compromised through maliciously engineered files.
For this, first you need to know what type of file it is, use content detectors e.g. like Apache Tika. However, first you need to limit your attack surface by accepting only certain type of files (try to limit it to the smallest set as possible). Once you receive a file try to detect its content. By practice, if the content cannot be detected, the file should be rejected.
Once the content is detected, the further analysis and countermeasures are dependent on the format (different formats have different vulnerabilities associated with the popular applications they are accessed with), a case in point is CSV Injection.
As last point, the above does take very considerable investment in the implementation, update and maintenance of the mechanism, security is not free.
Do make a cost benefit analysis of the loss due to compromise versus the cost of the security mechanism.
As a general principal, appropriate level of security needs to be used for appropriate asset value.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions must demonstrate a minimal understanding of the problem being solved. Tell us what you've tried to do, why it didn't work, and how it should work. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
I want to recover files from a disk by Java without using native libraries
I'm doing this using Java 8
As far as I know deleted files remain on the disk until they are overwritten
I have direct access to disk on linux and I can read raw data, but, how can I parse deleted files on an ext4 or NTFS file system for example?
Thanks.
Recovering deleted files requires knowledge of how the underlaying file system is implemented, so you have a bit of reading to do before you can get anywhere.
In theory, YES, you can definitely do this in pure Java; you just need to find out how to read data from a raw disk, bypassing the file system. On a Unix system this is simple: open the device node as a file (you'll need root permissions) and just read. On Windows there is probably a similar process; at worst you'll have to create a helper library in C or C++ to read the data for you.
Once you get access to the raw data, look up how files are stored in your particular file system and start looking for similar patterns in the data that you read.
This is not something you can do in an afternoon though.
Update: How to bypass the file system.
On a Unix system you can read from a partition or volume like this:
InputStream sda1 = new FileInputStream("/dev/sda1");
int firstByte = sda1.read();
On Windows you would read from \\.\PhysicalDisk0. From Naming Files, Paths, and Namespaces:
Another example of using the Win32 device namespace is using the CreateFile function with "\\.\PhysicalDiskX" (where X is a valid integer value) or "\\.\CdRomX". This allows you to access those devices directly, bypassing the file system. This works because these device names are created by the system as these devices are enumerated, and some drivers will also create other aliases in the system. For example, the device driver that implements the name "C:\" has its own namespace that also happens to be the file system.
APIs that go through the CreateFile function generally work with the "\\.\" prefix because CreateFile is the function used to open both files and devices, depending on the parameters you use.
If you're working with Windows API functions, you should use the "\\.\" prefix to access devices only and not files.
Most APIs won't support "\\.\"; only those that are designed to work with the device namespace will recognize it. Always check the reference topic for each API to be sure.
I don't know if the Java API is implemented using CreateFile or if it does some name mangling that means you can't access the device namespace. In the worst case you'll have to create a wrapper library that calls CreateFile and turns the HANDLE it returns into a file descriptor that can be used in Java; that's no work at all.
Files by definition are named sequences of bytes stored on permanent storage device.
Files are managed by OS component named file system. File system operates with term "file" and translates this term to lower level terms like volume, sector, block etc.
Mapping between file name (and path) and blocks on your disk where the information is actually stored is named files table and is managed by file system.
When you delete file you ask file system to remove appropriate entry from file table. This means that indeed the file content is not deleted from disk physically and if you are lucky enough can probably be restored. Why probably? Because once the file entry is removed from the table the space occupied by file can be re-used and therefore other information can be stored there.
There are tools that try to restore the information. These tools work on level under file system, i.e. use lower level APIs. Probably they are talking directly to driver. Java does not provide API for doing this.
Therefore you have the following solutions.
Implement this task in native language.
Use existing tools that do this task and provide either API or command line interface.
While trying to come-up with a servlet based application to read files and manipulate them (image type conversion) here is a question that came up to me:
Is it possible to inspect a file content and know the filetype?
Is there a standard that specifies that each file MUST provide some type of marker in their content so that the application will not have to rely on the file extension constraints?
Consider an application scenario:
I am creating an application that will be able to convert different file formats to a set of output formats. Say user uploads an PDF, my application can suggest that the possible conversion formats are microsoft word or TIFF or JPEG etc.
As my application will gradually support different file formats (over a period of time), I want my application to inspect the input file instead of having the user to specify the format. And suggest to user the possible formats of output.
I understand this is an open ended, broad question. Please let me know if it needs to be modified.
Thanks,
Ayusman
Yeap you can figure out the type without an extension using the magic number.
Also, the way the file command figures it out, is actually through a 3 step check:
Check for filesystem properties to identifie empty files, folders, etc...
The said magic number
In text files, check for language in it
Here's a library that'll help you with Magic Numbers: jmimemagic
I have a web application in GWT and a complementary desktop client also written in Java (so the same solution basically applies to both). In my program users can attach files, then download them later or do whatever. These files are stored as blobs and can be in just about any format. Many of the users that use Excel and Word want to be able to open the file, make changes, then have those changes stored back in the attached file. In other words, need an inline editing of attachments.
Any ideas on how to make this happen? Should I have an 'edit' mode that keeps a file handler while the file is open, and then store that File handler? Some way keeping track of whether the file is changing, or not?
Sorry about the late response. Amol >> I have that going. I want to save directly back to a blob as if it were a filehandle. Thought that was clear in my question.
I have decided that this is almost impossible with a web application without writing some kind of client interface for each and every potential file type - word, excel, pdf, graphics, etc...