Can a browser based application write to files on a local hard disk?

Bill Freeman f at ke1g.mv.com
Mon Jan 28 12:25:05 EST 2008 

Alex Hewitt writes:
 > Scenario: Need a web application which collects user data that needs to
 > be stored on the user's local hard disk. Which tools can do this?
 > 
 > I know that web site based applications are usually prevented from
 > writing to the user's local hard disk but I would prefer that any user
 > data be kept local to the user rather than stored on my web site. The
 > reasons are obvious - I don't want to be responsible for the user's data
 > and I'd like to be able to say "We don't have access to your private
 > information because we don't store it on our web site".
 > 
 > Ideas?
 > 
Alex,

Kent has already pointed out the Java applet approach.  I can think of
two other hacks:

1. Cookies.  Persistent cookies are kept on the user's hard drive.
Problems with this approach include: A. if the user elects to clear
cookies, its gone; B: Security is terrible; C: This si probably only
useful for small data sets; and D:In some circumstance, there may be
limits on how far in the future you can set the expiration, menaing
the user needs to guarantee to visit at least that often.

2. Make him push a "Save As" button on the page, which initiates a
file download.  He is prompted to decide where to put the file, or at
least whether he agrees to save it, by his browser.  When he visits
again, he pushes an "Open" button, which initiates an upload, which
causes his browser to allow him to choose the file that he saved in a
previous session.  The nastiness here is that you must retain his data
on the server for the duration of the session, and knowing when a
session has ended can be problematic.  Alos, you can't auto-save
things for the user as he works: he has to push a download button.

Both of these are more cumbersome for the user than the Java applet
approach, but don't require Jave to be enabled, or even that you have
a JRE, and you don't have to figure out how to sign the applet (or pay
the certificate authority, if that's required).  They do require
cookies (though there are session management approaches for the upload
- download approach that don't use cookies either).

Finally, a non-browser based approach would be a Python application
that handles necessary interchange with the server.  It can be fairly
portable, once, of course, you get him to install Python.  You might
even manage to use his browser as a UI, by running an http server in
Python.

Bill

More information about the gnhlug-discuss mailing list