linking directly to a file

[FINPJENN]

Hi, I am new to the forum and have had a look around for an answer to my question but haven't found an answer.

Can a user paste a link to a file into their address bar, and view/download the file without logging in? If so, is there any way to disable this?

Also,

Also, when I create a new user, is there a way to automatically create a private folder which only that user can access, which they are automatically logged into when they log in?

[maverick]

Can a user paste a link to a file into their address bar, and view/download the file without logging in?

No.  If the file or folder is password protected or if access is restricted to specific users, they would be presented with the logon screen before they could go any further.  But, if the file is not password protected or restricted to specific users, they can download the file without login.

Also, when I create a new user, is there a way to automatically create a private folder which only that user can access, which they are automatically logged into when they log in?

No.  Just create a folder for the user and restrict access to only him.  He would be the only one that would see the folder when he logs in.

[FINPJENN]

Maverick

Many thanks for your reply. I have a couple more questions I need some advice on if you could help me out.

Is there anyway to force a user to login before they see what folders/files/directories are available?

Also, would you say this piece of software is safe to use in a corporate environment with many users connecting (uploading/downloading) to a server at any one time?

Thanks

Phil

[maverick]

Is there anyway to force a user to login before they see what folders/files/directories are available?

Yes.  Password protect the root by restricting access to all existing user accounts.( "/" without the quotes found in the virtual file system part of the gui).

Also, would you say this piece of software is safe to use in a corporate environment with many users connecting (uploading/downloading) to a server at any one time?

All I can say is that this excellent server software is continually being updated with new features and fixes to any bugs or fixes to any security related issues.  The developer, rejetto, is constantly working on the software to make it even better.  Many of us have a lot of users in our user base with many users online at the same time putting the server through its paces.  But, I think most of these servers are home based.  As for safe to use in a corporate environment, assuming other system security precautions are in place, I don't see why not but the best person to answer that would be the developer rejetto.  He has been away for the last couple of days but he reads all the posts.  I'm sure he will have a better response for you on this matter.

[FINPJENN]

Yes.  Password protect the root by restricting access to all existing user accounts.( "/" without the quotes found in the virtual file system part of the gui).

Would this allow me to show the user a webpage with a logon button? I don't want the users to enter the URL and as soon as they press enter, a username and password request to appear.

I ideally want them to enter the URL, and for a webpage to show with a 'log in' button and other general information, and once they click a login button on the homepage, they are requested to give a username and password - is this possible?

Thanks for your help

[maverick]

Yes.  Password protect the root by restricting access to all existing user accounts.( "/" without the quotes found in the virtual file system part of the gui).

Would this allow me to show the user a webpage with a logon button? I don't want the users to enter the URL and as soon as they press enter, a username and password request to appear.

No.

I ideally want them to enter the URL, and for a webpage to show with a 'log in' button and other general information, and once they click a login button on the homepage, they are requested to give a username and password - is this possible?

Yes.

1.  First of all you would create the html webpage and include the code for a login button.  (ex. <a href="/~login" class=button>&nbsp;&nbsp;Login&nbsp;&nbsp;</a>).   Also include in your webpage from the [style] section of the  HFS template the .button enteries and whatever other style enteries you may need.
2.  Let's say you called this webpage start.htm.
3.  You would then let your users know the url of your server but you would also have to include start.htm so they are directed to that webpage first.  (ex.  http://your ip address/start.htm)
4.  When they click on the login button, they would then be asked to login with their name and password.

[FINPJENN]

Maverick

I've followed your instructions and all is working well - very impressed with the program.

One other thing though, when I create users, each user has their own default directory, which only that user has access too.

Is there any way to stop other users seeing the folder as well as not having access to it?

E.g. User1 should not be able to see or access User2's folder and vice versa.

Can this be done, if so, how?

Many thanks for your help.

[maverick]

Is there any way to stop other users seeing the folder as well as not having access to it?

Sure.  First switch to expert mode.  Then in the HFS virtual file system gui right click on the folder you created for a user and click on "restrict access".  From the list of users shown there make sure that only that one user is checked off for that folder.

[Flynsarmy]

There is a way to create a password to a file but still allow a user to download that file using only a URL, although it's
pretty pointless. say the username is root, the password is root2. you could link to the file with:
  http://root:root2@myfileserver.com
As you can see, the username and password are visible within the URL, so security would be a problem.

[FINPJENN]

Maverick/Flynsarmy,

Many thanks for your reply - i've managed to achieve what i needed.

Also, with regards to the HFS-Clean template, do you know if it has a login page, rather than going straight to the directories?

Many thanks, Phil

[maverick]

Also, with regards to the HFS-Clean template, do you know if it has a login page, rather than going straight to the directories?

Don't know.  Try it and see.  Remember that you can customize the templates any way you wish.  If it's lacking a login page, add one or call an external one from the [login-link] section.

[TSG]

HFS-Clean doesn't have a login page. The only known templates with this are as below.

No Javascript in Login:
Grey Template
Thunderchicken of Glory - stay posted on this one, i have revamped the login page just last night, gave it a bit of ToG styling the old one was getting boring i made it in a few mins one day and never got round to changing it.

Javascript in Login:
HFS Terayon

.. i think thats all of them.

[rejetto]

I think most of these servers are home based.  As for safe to use in a corporate environment, assuming other system security precautions are in place, I don't see why not but the best person to answer that would be the developer rejetto.

i've nothing to say more than this.
there is no known security flaw in current version of HFS. just keep up to date.