Hello everyone.

I have just noticed that if I point my browser to https://.../SuperContainer/ I can access the page below.

SuperContainer version 2.25

To view the documentation, go to

http://www.360works....umentation.html.

Purchase a license or access the online documentation at

http://www.360works.com/supercontainer.

Enter or edit your activation key on the SuperContainer Registration Page.

Start uploading files at Files/my/custom/file/path

and even worst I can enter or edit the activation key.

How can I protect the access to those pages? I tried to set the following parameters

<param-name>simpleAuthUsername</param-name>

<param-name>simpleAuthPassword</param-name>

but it didn't make any difference.

As you may see above I'm using version 2.25 with FMS9A.

Thanks.

Sig

<param-name>simpleAuthUsername</param-name>

<param-name>simpleAuthPassword</param-name>

This is the correct approach.

How are you inputting your username and password in this .xml file. The resulting web.xml file should look similar to:

<context-param>

<param-name>simpleAuthUsername</param-name>

<param-value>user</param-value>

<description>Username which users must enter to access supercontainer files. If empty, any username will be accepted.</description>

</context-param>

<context-param>

<param-name>simpleAuthPassword</param-name>

<param-value>pass</param-value>

<description>Password which users must enter to access supercontainer files. If empty, no authentication is required to access SuperContainer.</description>

</context-param>

where "user" has been passed as the username and "pass" is the expected password. With this web.xml file saved, the next time a user attempts to access any file or the registration page on your SuperContainer server, they will be prompted.

For SC deployments in standalone, you would enter the same credentials by clicking on the "Options" button after launching the SuperContainerServer.jar file.

Regards,