Securing the SC Folder

[djlane]

The SC documentation says

If you have password-protected your SuperContainer installation and don't want users to be prompted for a username and password, you can embed this information directly into your URL. For a username of "bob" and password "secret", you can do the following:

http://bob:[email protected]:8020/SuperContainer/Files/etc...

Note: this is not a foolproof means of preventing users from finding out the username and password! The password will be shown briefly when loading the page, and again when clicking on a link to download the image.

So this does not sound very secure. What is the best way to secure access to the documents inside SC ?

Is there a way that is more secure than that described above ?

Edited November 6, 2008 by Guest

[Jesse Barnum]

We have a security section on a SuperContainer FAQ that we're working on. We haven't publicized it yet, but it is accessible if you have the URL.

Read the security section here:

http://wo.360works.com/cgi-bin/support/productsupport.cgi/SuperContainer#SuperContainer33

[exizldelfuego]

Is there a way of securing SuperContainer for edits, but let anyone view anything?

I’m creating a system through which our client can manage their website, and SuperContainer is perfect for both providing the client an interface to manage photos as well as providing the world with processed versions of the photos for the website. The problem being, of course, that if SuperContainer is facing the public—and that public knows something about SuperContainer—they could check the HTML tag, substitute the RawData for Files, and start altering images.

If need be, I could have the website act as a proxy to SuperContainer, but it’d be great to eliminate the overhead.

[Valentin]

We have been working on the ability to specify permissions for every folder level of SuperContainer hosting directory. And it's a ready feature, currently you can set read, write or delete on each folder. We could make this available to you now for a price of an enterprise upgrade license.

Further we could extend SuperContainer to require each user to authenticate with an LDAP server and have a separate set of read, write, delete permissions for authenticated users. I don't have a price ready for that but we could estimate it for you.