Displaying folder contents in browser via extranet

         

tintin99

10:21 pm on Jan 6, 2006 (gmt 0)

10+ Year Member



I'm setting up an extranet and the client wants to be able to download and upload Word, Excel etc files via the browser.

I've managed to create a hyperlink that will open a folder on the webserver as if it was in Windows Explorer on the client PC and allow files to be dragged and dropped. This seems too good to be true - is there a catch? Security issues maybe?

MattyMoose

6:04 pm on Jan 9, 2006 (gmt 0)

10+ Year Member



What does the URL look like? Is it a netbios style link? ie: \\server\path\to\files?

Or FTP? ftp://server/path/to/files

I can't help you more until you provide some more information.

tintin99

7:10 pm on Jan 9, 2006 (gmt 0)

10+ Year Member



Thanks for the reply MattyMoose.

I'm using links like \\server\path\to\files and also file://server/path/to/files which seems to do the same thing.

Making directories available like this seems like a great way for the extranet users to upload and download files, but in my research on the subject I've not come across anyone suggesting this as a way to do it, so I'm wondering if there's a downside to it.

I've read about web folders, WebDAV etc but I'm still rather confused about it all I'm afraid. Basically the users want to be able to access a particular directory on the server via the extranet and download files, work on them and upload them again. I know there are lots of third-party utilities for doing that but this method seems a lot easier. Is there a catch?

MattyMoose

10:45 pm on Jan 9, 2006 (gmt 0)

10+ Year Member



Hi tintin,

First, I need to clarify something. Is this an extranet or an intranet? Extranets face outward, to the public, whereas an intranet is typically only accessible by internal computers, agents, and partners.

Which kind of 'net it is will determine whether what is happening is good or bad.

The paths that you mentioned are UNC paths (see [en.wikipedia.org...] for more info), and only recognizable in Windows (for the most part). Not sure if that's an acceptable limitation to you so far.

The other problem you may encounter with this is what happens when a UNC path is encountered. As you have already seen, Explorer opens up and users can drag and drop files with ease. This functionality is limited to your local network (or at least should be), and to users who are within the corporate network. The protocol is now no longer HTTP, but in fact is NetBIOS ( [en.wikipedia.org...] ). It's what is used when you access a "shared folder" on another Windows computer.

The problem with this protocol is that it is likely blocked by most ISPs, since NetBIOS traffic has no business circulating the internet. So, if anyone outside of your corporate network/firewall is trying to access this resource, they won't be able to, nor should they be able to (it's a pretty big security hole).

So basically, if it's an INTRAnet, and only authenticated users on your local network will use this, then that's great. Works like a charm.

If it's an EXTRAnet, for use by people outside of your network, it's a bad idea and you should consider using something else.

Another thing you may want to consider is that you may want to use a web-based form system for managing the files. WebDAV, IMO, is not that great, especially when you can build a web form quickly and easily that will let you upload files and so on. This would allow you to build extensive functionality to your system as well. I know you may not be a programmer, but consider going this route, especially if you want to maybe add access control, versioning, etc. There are also many freely available pre-made applications you can use as well, I'm sure.

For a simple example with PHP, see [zend.com...] . It should give you an idea of what you can do with it!

I know it's not a very detailed explanation, but there are all sorts of other things that come into play with all of this. :)

I hope this helps you somewhat!

Matt
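Added example (not part of the original thread and not any poster's code): a small Python audit that finds links in an extranet page which take the browser off HTTPS, using the link forms quoted in the thread. The sample page, the `extranet.example` host and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Transports that leave HTTP(S) or send data in cleartext.
FLAGGED = {"smb", "ftp", "http"}

class LinkCollector(HTMLParser):
    """Collect href/src attribute values from a page."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append(value.strip())

def classify(link):
    """Return (transport, note) for one link target."""
    if link.startswith("\\\\"):
        return "smb", "UNC path: opens a Windows file share, not HTTP"
    parts = urlsplit(link)
    scheme = parts.scheme.lower()
    if scheme == "file":
        # file://server/share and file:////server/share both name a remote host
        remote = parts.netloc not in ("", "localhost") or parts.path.startswith("//")
        if remote:
            return "smb", "file: URL with a host: opens a Windows file share"
        return "local", "file: URL on the client's own disk"
    if scheme == "ftp":
        return "ftp", "FTP: credentials and files travel unencrypted"
    if scheme == "http":
        return "http", "HTTP without TLS"
    if scheme == "https":
        return "https", "HTTP over TLS"
    return "other", "relative link or another scheme"

def audit(html):
    """List (link, transport, note) for every flagged link in html."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    rows = [(link, *classify(link)) for link in collector.links]
    return [row for row in rows if row[1] in FLAGGED]

# Constructed sample page; the first three targets are the forms quoted in the thread.
SAMPLE = r'''<a href="\\server\path\to\files">Shared docs</a>
<a href="file://server/path/to/files">Shared docs (file URL)</a>
<a href="ftp://server/path/to/files">FTP</a>
<a href="https://extranet.example/upload">Upload form</a>'''

if __name__ == "__main__":
    for link, transport, note in audit(SAMPLE):
        print(f"{transport:5} {link}  ({note})")
```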

tintin99

12:07 pm on Jan 10, 2006 (gmt 0)

10+ Year Member



Hi Matt,

Thanks very much for your reply - it was very helpful and plenty detailed enough for my current level of understanding!

To answer your questions: yes, it is an extranet but only for use by staff working remotely who already have access to the network (i.e. authenticated users).

And it does work over the internet. My client was in his office and the site was on my server and he was able to drag and drop files onto it just fine. But maybe we were just lucky in our choice of ISPs!

All the time I've been working on this I've had the feeling that there must be a catch and you've confirmed it unfortunately.

One more question: if I set up a virtual directory in IIS which pointed at the relevant physical directory, and then linked to that would it be any different or would it still use NetBIOS?

Oh and one more question: how do WebDAV and web folders relate to all this? I kind of had the feeling that this is what web folders are for...but I expect I've misunderstood something.

Thanks again for your help - it's much appreciated.

MattyMoose

4:53 pm on Jan 10, 2006 (gmt 0)

10+ Year Member



> One more question: if I set up a virtual directory in IIS which pointed at the relevant physical directory, and then linked to that would it be any different or would it still use NetBIOS?

I believe it would still be using NetBIOS, since as soon as you use a UNC path (\\server-name\path), the underlying protocol is NetBIOS.

> Oh and one more question: how do WebDAV and web folders relate to all this? I kind of had the feeling that this is what web folders are for...but I expect I've misunderstood something.

WebDAV, although I've only used it once or twice before, is pretty easy to set up. I don't know from personal experience how well it's integrated into IIS or Active Directory, since I only use Apache, but from what I've read ( MS WebDAV in IIS [microsoft.com] ), it seems to integrate nicely.

You could set up WebDAV in IIS, and try it out. It shouldn't affect anything overly much, since from what I can tell, your system is already in a testing phase anyway. Set it up, try it out both from in the office and out in the world. See what the authentication is like; try to break things.

Oh, and consider using HTTPS. I know it's yet another thing to learn, but it is something you'll have to learn sometime, especially if usernames, passwords and potentially sensitive files are flying about all over the place. :-) Check out this [answers.google.com] for more info.

Cheers!
MM