https://connect.hyland.com/t5/alfresco-archive/file-security-not-user-security/m-p/20249#M9419 <HTML><HEAD></HEAD><BODY><SPAN>Thats great, thanks, </SPAN><BR /><BR /><SPAN>my next question, is around the error handeling, with regard the file location.</SPAN><BR /><BR /><SPAN>so If we set the storage directory for the files, to a safe non web facing directory, and there is a file error, such as the file isn't there, etc..&nbsp; will the error passed to the web page show the full path of the storage directory?</SPAN><BR /><BR /><SPAN>I hope that makes sense.. </SPAN><BR /><BR /><SPAN>Mt reasoning, is that if an organisation puts secure documents onto the system, how secure are they?&nbsp; even all set up under SSL, if under an error condition, it spills its guts, and gives the full path, there could be an issue!!!!!</SPAN></BODY></HTML> Fri, 05 May 2006 15:39:17 GMT enterpriserevie 2006-05-05T15:39:17Z https://connect.hyland.com/t5/alfresco-archive/file-security-not-user-security/m-p/20247#M9417 Hi guys..I have been looking around for help on the security of the physical files that are loaded onto the server.&nbsp; Where do they get stored, is it safe from the web server instance, do they get copied when a web based request is instigated?although I can't find anything on the Wiki, I assume there Fri, 05 May 2006 07:34:00 GMT https://connect.hyland.com/t5/alfresco-archive/file-security-not-user-security/m-p/20247#M9417 enterpriserevie 2006-05-05T07:34:00Z https://connect.hyland.com/t5/alfresco-archive/file-security-not-user-security/m-p/20248#M9418 <HTML><HEAD></HEAD><BODY><SPAN>The physical file content is stored by default in the "alf_data" directory. The "repository.properties" file (search for it in your distribution) contains the location of the alf_data directory. By default the directory get stored as "./alf_data" which generally means it is found in the tomcat/bin directory. The reasoning for using a relative path by default is so that you can get up-and-running immediately with an Alfresco download without having to edit any files. It is suggested that you change the alf_data directory path to something more permanent for a real installation.</SPAN><BR /><BR /><SPAN>The files get streamed directly to the response when a web-based request is issues - this is very fast.</SPAN><BR /><BR /><SPAN>Cheers,</SPAN><BR /><BR /><SPAN>Kevin</SPAN></BODY></HTML> Fri, 05 May 2006 13:32:11 GMT https://connect.hyland.com/t5/alfresco-archive/file-security-not-user-security/m-p/20248#M9418 kevinr 2006-05-05T13:32:11Z https://connect.hyland.com/t5/alfresco-archive/file-security-not-user-security/m-p/20249#M9419 <HTML><HEAD></HEAD><BODY><SPAN>Thats great, thanks, </SPAN><BR /><BR /><SPAN>my next question, is around the error handeling, with regard the file location.</SPAN><BR /><BR /><SPAN>so If we set the storage directory for the files, to a safe non web facing directory, and there is a file error, such as the file isn't there, etc..&nbsp; will the error passed to the web page show the full path of the storage directory?</SPAN><BR /><BR /><SPAN>I hope that makes sense.. </SPAN><BR /><BR /><SPAN>Mt reasoning, is that if an organisation puts secure documents onto the system, how secure are they?&nbsp; even all set up under SSL, if under an error condition, it spills its guts, and gives the full path, there could be an issue!!!!!</SPAN></BODY></HTML> Fri, 05 May 2006 15:39:17 GMT https://connect.hyland.com/t5/alfresco-archive/file-security-not-user-security/m-p/20249#M9419 enterpriserevie 2006-05-05T15:39:17Z https://connect.hyland.com/t5/alfresco-archive/file-security-not-user-security/m-p/20250#M9420 <HTML><HEAD></HEAD><BODY><SPAN>The paths to the actual file content are completely hidden from any client and any user of those client. Internally the content location is referenced by ID in the DB (which of course can be on another machine which is well hidden and protected) - even this information is meaningless if it was ever displayed - which it is not. So there is no concern for the type of issue that you mention.</SPAN><BR /><BR /><SPAN>Thanks,</SPAN><BR /><BR /><SPAN>Kevin</SPAN></BODY></HTML> Fri, 05 May 2006 15:50:56 GMT https://connect.hyland.com/t5/alfresco-archive/file-security-not-user-security/m-p/20250#M9420 kevinr 2006-05-05T15:50:56Z