Web Hosting Talk

Java and security


bear
02-28-2004, 06:39 PM
Forgive the rudimentary question about Java, but I haven't used it much at all.

I have a user that wants to use a Java application to read a text file that gets uploaded once a minute to the server from his desktop.
This user doesn't have FTP permissions, so I'm guessing this text file needs to have 0777 for permissions. This has me concerned. If this file is world writable and it gets passed to a Java app (an executable?), then doesn't that put the server at risk?

What about this "once a minute" thing... isn't that excessive?
Does Java need to load into memory like Perl, or does it run differently, so this won't be a hit on the server every time it runs?

Thank you for any assistance. I'm lost on this one.

dpro
02-28-2004, 08:04 PM
Now, is this going to be a real application or an applet? If it's a regular application, it will have to load the interpreter into memory and run the program that way. If it's an applet, it is run client-side... however, then it needs to get into the whole applet-signing thing.

In any event, once per minute is possible, but for a Java app it might bog down the server a little. As for having 0777 permissions, it depends on where the file is uploaded and such as well; if the app is running as a local process to his account, then it wouldn't be that much of a security risk, unless it writes stuff as well... or makes conf changes.

bear
02-28-2004, 09:01 PM
Thanks for responding.
Well, it seems it's an applet, since it's loaded into the page that way. That is to say, the one that displays the text file is the applet (calls a .jar). As to the application on the user's desktop, I'm waiting to hear back to find out more about it, and where and how it updates the txt file.
This is the app he wants to use on the server:
http://www.pikeus.freeserve.co.uk/applets/scrollitup/scrollitup.html

Is it possible if the text file were passed something more than plain text (either by something infesting his system, or an outside party that learns of the 0777 file), that the Java app could do more than intended? Likely, or am I just being paranoid?

I am, of course, concerned about a possible drag on the server caused by this process. I can hardly justify it just so this person can have a (IMHO) useless app running continuously.

dpro
02-29-2004, 04:48 PM
I'd check to make sure, but if it's an applet, it runs client-side and must be authorized to send data anywhere. It loads the code into the browser from the server; it really can't do anything like write files to the server, unless there is a servlet running somewhere or another program listening for the output. As far as I am aware, it would be safe, just seems kinda silly... but basically, the applet has a lot of restrictions server-side, and I am not aware of any inherent Java flaws that would allow it to do major harm.

bear
02-29-2004, 05:28 PM
Thank you for the help. I'll wait to hear from this person as to what his desktop app does, and how it updates the text file.
I'd imagine that the server-side app that displays this info is called whenever the page loads, as opposed to a TSR type deal, so I can't see this being a big performance issue. I'm still going to recommend that this app (early warning for weather info, local city website) have at least a 5-minute refresh, however. Once a minute is silly and needless, IMHO.

stdunbar
02-29-2004, 09:54 PM
There is no server-side component to this applet other than a URL that is accessible from the same server that served the applet. The only possible issue is uploading the text file that the applet reads. The applet does not have the capability to update the text file, as it is accessing it via HTTP - it just reads a URL, parses it for HTML-like tags, and displays the content of it. The file it reads is a text file.

Mostly it's just a matter of figuring out with your customer how to get the file up. If you have any server side technologies (JSP/PHP/etc) your customer could create a very simple file upload page or process to automate the process.
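The "simple upload process" suggested above, written out as an added example that is not part of the thread or of the ScrollItUp applet. It shows the alternative to a 0777 text file: the desktop tool POSTs the new ticker text with a shared secret, the handler accepts only small, printable plain text, and the file is replaced atomically with mode 0644 inside a directory the web server owns, so no path needs to be world-writable. A helper also checks for the world-writable bit the thread is worried about. FEED_DIR, FEED_NAME, the X-Upload-Token header and the TICKER_UPLOAD_TOKEN environment variable are all assumptions for the example.

```python
"""
Minimal authenticated drop-box for a ticker text file (example code,
not the forum poster's or the applet author's). Assumptions: the feed
directory, file name, token header and environment variable below.
"""
import hmac
import os
import stat
import string
import tempfile
from http.server import BaseHTTPRequestHandler, HTTPServer

FEED_DIR = "/var/www/html/ticker"      # assumed: directory served by the web server
FEED_NAME = "ticker.txt"               # assumed: the file the applet fetches over HTTP
MAX_BYTES = 16 * 1024                  # a scrolling ticker never needs more than this
TOKEN_HEADER = "X-Upload-Token"        # assumed: header carrying the shared secret
UPLOAD_TOKEN = os.environ.get("TICKER_UPLOAD_TOKEN", "")  # assumed env var
ALLOWED = set(string.printable)        # ASCII letters, digits, punctuation, whitespace


def validate_text(raw: bytes):
    """Return the decoded text, or None if the body is not acceptable.

    Rejects oversize bodies, bytes that are not valid UTF-8, and any
    control character outside ordinary whitespace, so the file that lands
    on disk is plain text and nothing else.
    """
    if len(raw) > MAX_BYTES:
        return None
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    if not all(ch in ALLOWED for ch in text):
        return None
    return text


def write_feed_file(text: str, directory: str = FEED_DIR, name: str = FEED_NAME) -> str:
    """Atomically replace the feed file with mode 0644 and return its path.

    Writing to a temp file and renaming means readers never see a partial
    file, and the explicit chmod keeps the result owner-writable only.
    """
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".upload-")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(text)
        os.chmod(tmp, stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH)
        final = os.path.join(directory, name)
        os.replace(tmp, final)
        return final
    except Exception:
        os.unlink(tmp)
        raise


def is_world_writable(path: str) -> bool:
    """True if 'others' may write the file (the 0777 situation from the thread)."""
    return bool(os.stat(path).st_mode & stat.S_IWOTH)


class UploadHandler(BaseHTTPRequestHandler):
    """Accepts POST /, body = new ticker text, authenticated by shared token."""

    def do_POST(self):
        supplied = self.headers.get(TOKEN_HEADER, "")
        # Constant-time compare; an empty configured token disables uploads.
        if not UPLOAD_TOKEN or not hmac.compare_digest(supplied, UPLOAD_TOKEN):
            self.send_error(403, "bad token")
            return
        length = int(self.headers.get("Content-Length", "0"))
        if length > MAX_BYTES:
            self.send_error(413, "too large")
            return
        text = validate_text(self.rfile.read(length))
        if text is None:
            self.send_error(400, "plain text only")
            return
        write_feed_file(text)
        self.send_response(204)
        self.end_headers()


if __name__ == "__main__":
    # Bind to loopback; put it behind the real web server or a firewall rule.
    HTTPServer(("127.0.0.1", 8080), UploadHandler).serve_forever()
```

The ALLOWED set is ASCII only, so a feed containing characters such as a degree sign would be rejected; widen the check (for example to `str.isprintable()` plus whitespace) if the weather source uses them. The applet itself only ever fetches the file over HTTP, so what this guards is the server-side file, not the applet.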

bear
02-29-2004, 10:11 PM
Thanks, stdunbar.
I realize that the applet doesn't update the text file. I was more concerned as to whether or not the text file could pass something dangerous to the applet, which in turn might execute on the server. I don't have a strong background in Java.

As for how he's getting the file onto the server, I'm waiting to hear back. I believe he said it's an app on his desktop that connects and uploads (in use on another server currently) the file. This means he either has FTP access there, or the file has some fairly promiscuous permissions, and that concerns me. I believe that this application is getting the information from a third party (weather service), otherwise why would it need to update so frequently? If he were changing it himself, then he could "send" it on change.