SuperContainer v2.831 generates user-scaring phishing warning in Safari

[JohnDCCIU]

First, just wanted to say that we've been using SuperContainer successfully for over a year and have been extremely happy with it; it's a great solution and has singlehandedly enabled us to do systems in FileMaker that we otherwise would not have been able to do.

I just updated our server to v2.831, which apparently changes things to HTML5 because of bugs in OS X. The effect that we've seen, however, is that when a user clicks on a PDF image in the SuperContainer webviewer field, it now opens the file in the user's browser rather than in the local copy of Adobe Reader. This change is a little disconcerting for the users, but they could always open it in Adobe Reader via a secondary step.

The big problem is that Safari generates this giant red phishing warning dialog (see attached screenshot) when it tries to open the SuperContainer link, because of the password embedded in the link (which has always freaked me out, but it was never "in your face" with Adobe Reader, plus we use UUIDs as ersatz passwords).

This is freaking users out and obviously isn't acceptable behavior from the system. In addition, it's exposing that "password-in-the-link" underbelly of SuperContainer that I'd rather not have visible out there: I worry that some auditor is going to tell us to shut it down, regardless of my protestations about UUIDs and how that protects the data, etc.

Firefox users don't see the phishing warning; instead they see a dialog warning them that they're logging into a server as "SuperContainer" (my SC server's username), and it's confusing them as well, plus once again bringing attention to the URL sitting there in a browser with the password in it.

I understand the need to work around the OS X bugs, but how can we get back to having SuperContainer links open in Adobe Reader rather than Safari?

Thanks,

John

[ooparah]

John,

I do believe we spoke and resolved this issue over the phone, but I will repeat our conversation points here for the benefit of others:

"The big problem is that Safari generates this giant red phishing warning dialog (see attached screenshot) when it tries to open the SuperContainer link, because of the password embedded in the link (which has always freaked me out, but it was never "in your face" with Adobe Reader, plus we use UUIDs as ersatz passwords)."

** This is generated when you define the username and password within a URL as: http://myUsername:my...ainer/Files/... ** (bob:[email protected]:8020)

Instead of using this notation, I recommend placing your credentials at the end of the URL and passing them as parameters (ex. http://hostname/Supe...sword=container)

On the issue of opening a PDF using Acrobat Reader... this is all dependent on the user's system. By default, the Web Viewer will open the files via the client's default browser -- for Mac OS X this is Safari (and possible rendered in the browser) and Internet Explorer for Windows. Any additional actions to be taken (i.e., opening a PDF using Acrobat Reader) would need to be set explicitly by the user -- perhaps as a setting within your browser.

I hope this answers your question... if you have any additional questions or need clarification on this issue, please do not hesitate to contact me.