Jump to content
Sign in to follow this  
hedata

SuperContainer Security & IIS

Recommended Posts

Hello everyone,

I've recently installed SuperContainer on my FileMaker Server and got it up and running perfectly. The only problem is that you can access the files if you manually type the URL into the web browser address bar. I know I could set a username and password for SuperContainer to stop people from doing this but I'd rather not as SuperContainer is being used across various databases.

Is there a way of making sure people can solely access their files via the database? My server is running Windows 7 Professional with IIS 7.5.

Any help is much appreciated!

Stuart

By the way I'm running SuperContainer through SSL.

Share this post


Link to post
Share on other sites

Hey there,

The best way to prevent this is obfuscation of SuperContainer URLs/folder paths... as "http://yourserver/SuperContainer/Files/ClientName/DocumentName" is much easier to figure out than, "http://yourserver/SuperContainer/Files/y347adfaj8w4jafa/32".

Is there a way of making sure people can solely access their files via the database? My server is running Windows 7 Professional with IIS 7.5.

Unfortunately, there's really not a way to force someone to access SC URLs from the database only... which is akin to forcing someone to access 360Works' homepage by first searching on Google. If the URL is known, they can surely access it as it's publicly accessible.

Our SuperContainer Product Support wiki page goes into a bit more detail on several security concepts that could be employed within your solution, that I highly recommend you take a quick peek at.

I hope this helps,

Share this post


Link to post
Share on other sites

Thanks for your help, Obinna.

Thanks a lot for the link, really helpful stuff. Am I right in saying that I will be able to embed the SuperContainer password and username into the Web Viewer calculation? So that users accessing the files via the database will not have to enter the username and password credentials, BUT people trying to access the files by typing in the URL will be asked for a username and password?

Share this post


Link to post
Share on other sites

Am I right in saying that I will be able to embed the SuperContainer password and username into the Web Viewer calculation? So that users accessing the files via the database will not have to enter the username and password credentials, BUT people trying to access the files by typing in the URL will be asked for a username and password?

Exactly.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

By using this site, you agree to our Terms of Use.