Java + Apache Commons Net: Read FTPFile Without Downloading [closed]

Question

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.

Closed 8 years ago.

Using Apache Commons Net 3.2, my program is connecting to an FTP server and downloading files from it.

What it should be able to do, however, is to read the files on the server WITHOUT downloading them.

Is this even possible?

It's just that the server contains lots of personal information, SSN, phone, email, etc, and only specific people with the right password should be able to access them.

No one should be able to download anything from the server, at least not without the highest level of permissions granted in my program!

So far I have an FTPFile [] with all the data files on the server.

I want to loop through them, see if they have the current user's name on it (meaning they're allowed to view this person/file), and if so, add their data to an ArrayList .

Any tips?

import java.io.File;
import java.io.FileOutputStream;
import java.util.List;
import java.util.Arrays;

import org.apache.commons.net.ftp.FTPClient;
import org.apache.commons.net.ftp.FTPFile;
import org.apache.commons.net.ftp.FTPReply;

public class Server {
    private static final String server = "/server";
    private static final String host = "00.000.0.0";
    private static final String user = "username";
    private static final String pass = "password";
    private static List <FTPFile> data;
    private static FTPClient ftp = new FTPClient ();

    public static void load (String folder) {
        try {
            // Connect to the SERVER
            ftp.connect(host, 21);
            if (!FTPReply.isPositiveCompletion(ftp.getReplyCode())) {
                System.out.println("Could not connect to the server.");
                return;
            }

            // Login to the SERVER
            ftp.enterLocalPassiveMode();
            if (!ftp.login(user, pass)) {
                System.out.println("Could not login to the server.");
                return;
            }

            // Get DATA from the SERVER
            System.out.println(server + "/" + folder);
            data = Arrays.asList(ftp.listFiles(server + "/" + folder));
            System.out.println(data.size());
            for (int f = 0; f < data.size(); f++)
                System.out.println(data.get(f).getName());

            // Disconnect from the SERVER
            ftp.logout();
            ftp.disconnect();

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public static String read (FTPFile file) {
        try {
            String name = file.getName();
            File tempFolder = new File ("temp/" + name);
            tempFolder.mkdirs();

            // Create a TEMPORARY DATA FILE
            File tempFile = new File (tempFolder.getAbsolutePath() + "/data");
            System.out.println(tempFile.getAbsolutePath());
            tempFile.createNewFile();
            tempFile.deleteOnExit();

            // Get ready to DOWNLOAD DATA from the SERVER
            FileOutputStream out = new FileOutputStream (new File (name));
            ftp.connect(host, 21);
            ftp.login(user,  pass);

            // DOWNLOAD and DISCONNECT
            ftp.retrieveFile(name, out);
            out.close();
            ftp.logout();
            ftp.disconnect();
        } catch (Exception e) {
            e.printStackTrace();
        }
        return ""; // This should return a String with data read from the file
    }
}

Answer 1

If you want to "read" (as in inspect its content) a file you have to download, i.e. transfer its contents from the server to the client. There is no way around it, when you are restricted to a client sided solution.

In general it is a bad idea to check user permissions in the client only. If a malicious user has the correct credentials to access the server (that could be extracted from the client), he can circumvent the client sided authorization, rendering it useless.

Authentication and authorization of users should always occur server sided.

In your example you could consider the creation of different users on the ftp server and appropriate rights to access, read and write files / directories.

Answer 2

No it is not possible to read a file from clientside over ftp without downloading it first.

Yoou will have to install software at (ftp-) serverside.