Controlling the Location of Files Uploaded via a Web Application

If your JADE application accepts file input in text boxes on a Web page (by using the webInputType property of a TextBox control with the Web_InputType_File setting to upload a file from a Web session), you can use the FileTransferDirectory parameter in the [Jadehttp Files] section of the jadehttp.ini file to specify the directory to which the file is written.

This parameter controls the directory in which any files transferred using the HTML InputType=file option are placed. (This parameter applies only when the Firewall parameter in the [Jadehttp Files] section of the jadehttp.ini file or the Firewall configuration directive in the JADE mod_ jadehttp module is set to false.) By default, any transferred files are placed in the same directory as the jadehttp library file or the JADE mod_ jadehttp module.

The format of the text property value of the TextBox control is as follows.

<source‑file‑name>;<destination‑file‑path><destination‑file‑name>

The source‑file‑name value is the name (excluding the path) of the originating file on the client workstation from which the file was loaded (that is, the workstation that is running the Web browser). A semicolon character (;) separates this and the destination‑file‑path and destination‑file‑name values, which are the full path to which the file is written (uploaded) and the name of that file; for example:

UsefulStuff.doc;d:\jade\bin\txf188.tmp

In this example, accessing the txf188.tmp file in the specified directory opens a document file that contains the information in the UsefulStuff.doc file uploaded via the Web browser.

To provide increased security for applications running in HTML thin client mode, a text file input by using the TextBox class webInputType property with a value of Web_InputType_File must be processed in the event that resulted in the file upload occurring (for example, in the click event method of a Completed button). In addition, set the value of the Trace parameter in the [Jadehttp Logging] section of the jadehttp.ini file to false to suppress logging completely. When the value of this parameter is set to true, logged messages acknowledge only that a message has been received or sent, because it is not possible to distinguish what is sensitive data and what is not. Setting this parameter to true does not include any of the text sent or received from the client, as this text could contain personal information, passwords, credit card details, and so on.

To prevent malicious use of files uploaded to Web-enabled applications, the files are removed as soon as the event that resulted in their upload has completed. You should therefore process the file immediately or move it into a directory that is not available from the Web if you require that file for future processing.