
File security not user security

enterpriserevie
Champ in-the-making
Hi guys..

I have been looking around for help on the security of the physical files that are loaded onto the server.  Where do they get stored, is it safe from the web server instance, do they get copied when a web based request is instigated?

Although I can't find anything on the Wiki, I assume there is something; could you point me in the right direction?

Cheers
3 REPLIES

kevinr
Star Contributor
The physical file content is stored by default in the "alf_data" directory. The "repository.properties" file (search for it in your distribution) contains the location of the alf_data directory. By default the directory gets stored as "./alf_data", which generally means it is found in the tomcat/bin directory. The reasoning for using a relative path by default is so that you can get up-and-running immediately with an Alfresco download without having to edit any files. It is suggested that you change the alf_data directory path to something more permanent for a real installation.

The files get streamed directly to the response when a web-based request is issued - this is very fast.

Cheers,

Kevin
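
The reply above describes a relative default location for the content store; the following check is an added example (not part of the original thread and not Alfresco code) that flags a relative path, a store placed under the web-served directory, and permissions that let other local users read it. It assumes the location is set by the `dir.root` key in repository.properties and that the web-served directory is Tomcat's webapps folder; the function names are illustrative.

```python
import stat
import tempfile
from pathlib import Path

def read_properties(text):
    """Parse key=value lines of a Java-style properties file (no line continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit_content_store(props_text, working_dir, web_root, key="dir.root"):
    """Return findings about where the content store would actually live."""
    raw = read_properties(props_text).get(key)  # key name is an assumption
    if raw is None:
        return [f"{key} not set"]
    findings = []
    path = Path(raw)
    if not path.is_absolute():
        findings.append("relative path: location depends on the server's working directory")
        path = Path(working_dir) / path
    resolved, web = path.resolve(), Path(web_root).resolve()
    if resolved == web or web in resolved.parents:
        findings.append("content store is inside the web-served directory")
    if resolved.is_dir() and resolved.stat().st_mode & (stat.S_IROTH | stat.S_IXOTH):
        findings.append("content store is readable or traversable by other local users")
    return findings

if __name__ == "__main__":
    # Constructed layout mimicking the default described above (tomcat/bin/alf_data).
    with tempfile.TemporaryDirectory() as tmp:
        bin_dir = Path(tmp, "tomcat", "bin")
        web_dir = Path(tmp, "tomcat", "webapps")
        (bin_dir / "alf_data").mkdir(parents=True)
        web_dir.mkdir()
        (bin_dir / "alf_data").chmod(0o755)
        for finding in audit_content_store("dir.root=./alf_data\n", bin_dir, web_dir):
            print("FINDING:", finding)
```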

enterpriserevie
Champ in-the-making
That's great, thanks,

My next question is around the error handling, with regard to the file location.

So if we set the storage directory for the files to a safe non-web-facing directory, and there is a file error, such as the file isn't there, etc., will the error passed to the web page show the full path of the storage directory?

I hope that makes sense..

My reasoning is that if an organisation puts secure documents onto the system, how secure are they? Even all set up under SSL, if under an error condition it spills its guts and gives the full path, there could be an issue!!!!!

kevinr
Star Contributor
The paths to the actual file content are completely hidden from any client and any user of those clients. Internally the content location is referenced by ID in the DB (which of course can be on another machine which is well hidden and protected) - even this information is meaningless if it was ever displayed - which it is not. So there is no concern for the type of issue that you mention.

Thanks,

Kevin