Adobe 65015459 Server Guide - Page 15

Understanding server access for connecting to CPS-managed websites, Restricting access



ADOBE CONTRIBUTE CS3
User Guide
Understanding server access for connecting to CPS-managed websites
As an administrator, you should require that users enter their own account username and password to log in when
they use FTP, SFTP, or WebDAV to connect to a website managed by CPS. This is a best practice and the default
option. The alternative is to use a shared FTP, SFTP, or WebDAV account for a website connection managed by CPS.
Requiring users to log in with their own account username and password provides an extra layer of security. When
you share a website connection that uses a shared account, the username and password for the shared account are
stored on the machine where CPS is installed. The password is stored as a hash of the password in a non-browsable
folder, and you can restrict access to this folder. However, the password could be at risk if it is not a strong password.
Therefore, it is recommended that you not use shared account information for any CPS website connection, but that
you require users to log in with their own account information.
If you require users to log in with their own account information, CPS prompts them for a username and password.
You can improve the user experience by creating FTP, SFTP, or WebDAV accounts tied to your user directory service
so that users do not have to know or remember another password. If the CPS login is also tied to your user directory
service, CPS can automatically reuse the user’s CPS login information to open the connection and does not prompt
for a second password for connection information. The user also can have Contribute remember the account
username and password for future use.
As an administrator for a website managed by CPS, you can view or modify FTP, SFTP, and WebDAV settings by
editing the connection.
For more information about editing website connections, see Contribute Help.
Restricting access to administrative folders and special file types
Access to administrative folders and special file types is restricted as a security measure.
When you create a site connection, Contribute creates special files that are stored in folders whose names begin with
an underscore (such as _mm, _baks, and _notes). These folders may contain files with user names, e-mail addresses,
previous versions of web pages, and other types of meta information used by Contribute. The underscore allows
Dreamweaver from Adobe and Contribute to distinguish between those folders and the other folders in your site.
Contribute and Dreamweaver use this naming convention to filter these special files and prevent them from
appearing in the Dreamweaver Site panel and in the Contribute Remote File Browser. These hidden folders can’t be
browsed, overwritten, or inadvertently altered by users. Additionally, some search engines and automated programs
are designed not to return pages found in folders whose names begin with an underscore.
To ensure that these folders and files remain protected, review the configuration of your web server software and
make certain that you block HTTP access to folders whose names begin with an underscore (_mm, _baks, and
_notes), the MMWIP folder, and files identified by the file extensions .lck, .mno, .bak, .lbi, .csi, and .dwt.
In particular, you might want to block HTTP access to the MMWIP folder. The MMWIP folder contains interim
drafts of files (works in progress) that you might want to protect. Adobe recommends that you restrict access to the
MMWIP folder so that only members of your organization can browse files in that folder.
Note:
In addition to using the computer’s operating system and web server software configuration settings, you might
consider using a third-party URL scanner to block HTTP access to secure these files and folders.
Apache web servers
If your website uses Apache, you can explicitly disable browsing folders and files that begin with an underscore. If
you know how to modify the Apache web server’s httpd.conf file and have permission to do so, you can use the
DirectoryMatch directive to prevent visitors from viewing any file in a folder beginning with an underscore.
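
One way to express the restrictions described above in httpd.conf, as an added example written for Apache 2.4 and not taken from the Adobe guide. The 192.0.2.0/24 range is a placeholder for your organization's network, and the patterns assume that no directory above the site root has a name beginning with an underscore.

```apache
# Added example (not from the Adobe guide). Apache 2.4 syntax (mod_authz_core).
# On Apache 2.2, replace "Require all denied" with:
#     Order allow,deny
#     Deny from all

# Folders whose names begin with an underscore (_mm, _baks, _notes, ...).
# The regex is unanchored and is matched against the full filesystem path,
# so it also covers every subfolder beneath an underscore folder.
<DirectoryMatch "/_[^/]+">
    Require all denied
</DirectoryMatch>

# MMWIP holds works in progress. Only the organization's own network may
# browse it. 192.0.2.0/24 is a placeholder range; substitute your own,
# or use "Require all denied" to block HTTP access entirely.
<DirectoryMatch "/MMWIP(/|$)">
    Require ip 192.0.2.0/24
</DirectoryMatch>

# Special file types used by Contribute and Dreamweaver, wherever they live.
# (?i) makes the match case-insensitive so FILE.BAK is blocked as well.
<FilesMatch "(?i)\.(lck|mno|bak|lbi|csi|dwt)$">
    Require all denied
</FilesMatch>
```

After reloading the server, request a known file under _notes, a file under MMWIP from outside the allowed range, and a .bak file; each should return 403 Forbidden.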