labyrinthian Posted March 16, 2012 Posted March 16, 2012 We are thinking of moving our FMP database w SuperContainer to a web hosting service; currently we are just using it on our local machines. As I understand it, the security for the hosted database will be the user log-ins and passwords. Forgive me if this is a dumb question, but would all of our SuperContainer documents be unprotected and accessible to the whole web? I know that no one is probably interested in digging around what we have in our DB, but how secure are SC files that are hosted online? Again, please forgive the newbie question. I'd appreciate any thoughts on this.
BrentHedden Posted March 16, 2012 Posted March 16, 2012 This is a very good and valid question. Under a web interface, it would be difficult or near impossible for someone to be able to access the file(s) directly, especially if they are placed outside of the website's root file directory. Unless there is FTP access enabled, then only if the setup is sloppily done with no real security. One good piece of advice that I can give you with using SuperContainer and the web - since the S.C. interface uses a 'web address' to pull the file and display it on the web browser, DO NOT use a sequencial number to identify your files. The reason is that if someone was paying even slight attention, they would notice that the web address will display the ID of the file, like this - http://www.myfilehoster.com/supercontainer/PDFs/1024/ Nothing is stopping them from manually typeing in the address bar http://www.myfilehoster.com/supercontainer/PDFs/1025/ http://www.myfilehoster.com/supercontainer/PDFs/1026/ and so on to view documents/pictures you didn't intend for them to see. Use a highly unique identifyer instead, like a UUID. It'll really give a long address, but it'll make it near impossible for someone to "guess" an address.
labyrinthian Posted March 17, 2012 Author Posted March 17, 2012 Thank you, this is extremely helpful and clarifies a lot!
ooparah Posted March 19, 2012 Posted March 19, 2012 This is a very good and valid question. Under a web interface, it would be difficult or near impossible for someone to be able to access the file(s) directly, especially if they are placed outside of the website's root file directory. Unless there is FTP access enabled, then only if the setup is sloppily done with no real security. One good piece of advice that I can give you with using SuperContainer and the web - since the S.C. interface uses a 'web address' to pull the file and display it on the web browser, DO NOT use a sequencial number to identify your files. The reason is that if someone was paying even slight attention, they would notice that the web address will display the ID of the file, like this - http://www.myfilehoster.com/supercontainer/PDFs/1024/ Nothing is stopping them from manually typeing in the address bar http://www.myfilehoster.com/supercontainer/PDFs/1025/ http://www.myfilehoster.com/supercontainer/PDFs/1026/ and so on to view documents/pictures you didn't intend for them to see. Use a highly unique identifyer instead, like a UUID. It'll really give a long address, but it'll make it near impossible for someone to "guess" an address. Wonderful answer Brent! I would like to use your answer in our Product Support wiki, accessible here. Let me know if this is alright with you,
Recommended Posts
This topic is 4652 days old. Please don't post here. Open a new topic instead.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now