Jump to content
Claris Engage 2025 - March 25-26 Austin Texas ×

This topic is 4652 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Posted

We are thinking of moving our FMP database w SuperContainer to a web hosting service; currently we are just using it on our local machines. As I understand it, the security for the hosted database will be the user log-ins and passwords. Forgive me if this is a dumb question, but would all of our SuperContainer documents be unprotected and accessible to the whole web? I know that no one is probably interested in digging around what we have in our DB, but how secure are SC files that are hosted online?

Again, please forgive the newbie question. I'd appreciate any thoughts on this.

Posted

This is a very good and valid question. Under a web interface, it would be difficult or near impossible for someone to be able to access the file(s) directly, especially if they are placed outside of the website's root file directory. Unless there is FTP access enabled, then only if the setup is sloppily done with no real security.

One good piece of advice that I can give you with using SuperContainer and the web - since the S.C. interface uses a 'web address' to pull the file and display it on the web browser, DO NOT use a sequencial number to identify your files. The reason is that if someone was paying even slight attention, they would notice that the web address will display the ID of the file, like this -

http://www.myfilehoster.com/supercontainer/PDFs/1024/

Nothing is stopping them from manually typeing in the address bar

http://www.myfilehoster.com/supercontainer/PDFs/1025/

http://www.myfilehoster.com/supercontainer/PDFs/1026/

and so on to view documents/pictures you didn't intend for them to see. Use a highly unique identifyer instead, like a UUID. It'll really give a long address, but it'll make it near impossible for someone to "guess" an address.

Posted

This is a very good and valid question. Under a web interface, it would be difficult or near impossible for someone to be able to access the file(s) directly, especially if they are placed outside of the website's root file directory. Unless there is FTP access enabled, then only if the setup is sloppily done with no real security. One good piece of advice that I can give you with using SuperContainer and the web - since the S.C. interface uses a 'web address' to pull the file and display it on the web browser, DO NOT use a sequencial number to identify your files. The reason is that if someone was paying even slight attention, they would notice that the web address will display the ID of the file, like this - http://www.myfilehoster.com/supercontainer/PDFs/1024/ Nothing is stopping them from manually typeing in the address bar http://www.myfilehoster.com/supercontainer/PDFs/1025/ http://www.myfilehoster.com/supercontainer/PDFs/1026/ and so on to view documents/pictures you didn't intend for them to see. Use a highly unique identifyer instead, like a UUID. It'll really give a long address, but it'll make it near impossible for someone to "guess" an address.

Wonderful answer Brent! I would like to use your answer in our Product Support wiki, accessible here.

Let me know if this is alright with you,

This topic is 4652 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.