How to save a file on a users computer with cgi

[Paul Rubin]

If you really want to store files on the client side, you need client
side application code, and of course it's client (and browser)
specific.  However, there are ways to do it.  In Netscape Navigator,
you can write files from Javascript by turning on the appropriate
security permission.  You have to either sign the javascript or send
it over a secure (SSL) connection.  There's also a plug-in interface
that lets you call Windows DLL's from Java.  For MSIE, you can put
ActiveX controls on the web page that run arbitary C code.  The amount
of technical hair you have to deal with to write these things is
considerable, but there is a steady industry in them.  That's how
plug-ins like Acrobat Reader and Flash communicate with the browser,
for example.

More recent versions of IE support "HTML Applications" (.hta
extension) that have access to the file system etc.  This is somewhat
simpler than ActiveX programming but again, very Microsoft specific.
Again, you need permission from the user to run any of these things.

Overall, running code on the client side is the wrong approach if the
idea is that you don't want the users to trust you storing their
passwords on your server.  At least with the server side database, all
you get is their passwords.  With client code, you can log all their
keystrokes, destroy all their files, etc. etc., so if they have any
sense they should trust you even less with that than they would with
their passwords.