Jump to content

SuperContainer Security & IIS

hedata

By hedata
in SuperContainer by 360 Works

 Share

This topic is 4270 days old. Please don't post here. Open a new topic instead.

Recommended Posts

hedata Explorer

hedata

Posted
Posted

Hello everyone,

I've recently installed SuperContainer on my FileMaker Server and got it up and running perfectly. The only problem is that you can access the files if you manually type the URL into the web browser address bar. I know I could set a username and password for SuperContainer to stop people from doing this but I'd rather not as SuperContainer is being used across various databases.

Is there a way of making sure people can solely access their files via the database? My server is running Windows 7 Professional with IIS 7.5.

Any help is much appreciated!

Stuart

By the way I'm running SuperContainer through SSL.

Link to comment
Share on other sites
ooparah Collaborator

ooparah

Posted
Posted

Hey there,

The best way to prevent this is obfuscation of SuperContainer URLs/folder paths... as "http://yourserver/SuperContainer/Files/ClientName/DocumentName" is much easier to figure out than, "http://yourserver/SuperContainer/Files/y347adfaj8w4jafa/32".

Is there a way of making sure people can solely access their files via the database? My server is running Windows 7 Professional with IIS 7.5.

Unfortunately, there's really not a way to force someone to access SC URLs from the database only... which is akin to forcing someone to access 360Works' homepage by first searching on Google. If the URL is known, they can surely access it as it's publicly accessible.

Our SuperContainer Product Support wiki page goes into a bit more detail on several security concepts that could be employed within your solution, that I highly recommend you take a quick peek at.

I hope this helps,

Link to comment
Share on other sites
hedata Explorer

hedata

Posted
  • Author
Posted

Thanks for your help, Obinna.

Thanks a lot for the link, really helpful stuff. Am I right in saying that I will be able to embed the SuperContainer password and username into the Web Viewer calculation? So that users accessing the files via the database will not have to enter the username and password credentials, BUT people trying to access the files by typing in the URL will be asked for a username and password?

Link to comment
Share on other sites
ooparah Collaborator

ooparah

Posted
Posted

Am I right in saying that I will be able to embed the SuperContainer password and username into the Web Viewer calculation? So that users accessing the files via the database will not have to enter the username and password credentials, BUT people trying to access the files by typing in the URL will be asked for a username and password?

Exactly.

Link to comment
Share on other sites

This topic is 4270 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept