User Guide
18 Preparing Your Network and Installing Contribute
Understanding network and server permissions
Contribute is unique in that it allows editing of web pages directly on the server hosting your
website. This level of server access makes network permissions and access control especially
important.
There are at least three levels of permissions for every Contribute site:
• Permissions defined by the network operating system (for instance, Windows or UNIX® server
software)
• Permissions defined by the web server software
• Roles you define in Contribute
Network permissions can be set in several ways through a variety of systems. Contribute always
adheres to the network permissions for read and write access to folders. It also obeys permissions
set through LDAP and similar systems. Contribute can never overwrite any server- or network-
level permissions.
Note: The server’s network and operating system permissions, and the web server software’s
permissions, always take precedence over Contribute permissions.
Whenever you provide access to a web server, take precautions to ensure that the operating system
of the server hosting the site, as well as the web server software itself (and the FTP server, if you
are using FTP), are secure. For the best practices related to securing your website from accidental
and malicious tampering, see the documentation provided with your server’s operating system,
FTP, and web server software.
Note: You can set folder permissions to allow a user or group of users to modify a folder and later
define more restrictive folder- or file-editing options when you define the Contribute user roles.
Understanding server access for connecting to CPS-managed websites
As an administrator, you should require that users enter their own account username and
password to log in when they use FTP, SFTP, or WebDAV to connect to a website managed by
CPS. This is a best practice and the default option. The alternative is to use a shared FTP, SFTP,
or WebDAV account for a website connection managed by CPS.
Requiring users to log in with their own account username and password provides an extra layer
of security. When you share a website connection that uses a shared account, the username and
password for the shared account are stored on the machine where CPS is installed. The password
is stored as a hash in a non-browsable folder, and you can restrict access to this folder.
However, a password that is not strong could still be at risk. Therefore, it is
recommended that you not use shared account information for any CPS website connection, but
that you require users to log in with their own account information.
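If a shared account is used anyway, the folder holding the stored hash should be readable by its owner only. The following is an added example, not part of the Contribute documentation: it audits a folder tree on a UNIX server for group or world access bits. The folder location, the file names, and the use of POSIX mode bits are assumptions, since this guide does not give the path.

```python
import os
import stat
import tempfile

def check_entry(path, owner_uid=None):
    """Return a reason string if path is looser than owner-only, else None."""
    st = os.lstat(path)  # lstat: inspect a symlink itself, not its target
    if stat.S_ISLNK(st.st_mode):
        return "symlink; target lies outside this audit"
    if owner_uid is not None and st.st_uid != owner_uid:
        return "owned by uid %d, expected %d" % (st.st_uid, owner_uid)
    loose = stat.S_IMODE(st.st_mode) & (stat.S_IRWXG | stat.S_IRWXO)
    if loose:
        return "group/other bits set: %03o" % loose
    return None

def audit_private_tree(root, owner_uid=None):
    """List (path, reason) for every entry under root, root included."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow links
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    findings = []
    for path in paths:
        reason = check_entry(path, owner_uid)
        if reason:
            findings.append((path, reason))
    return findings

def demo():
    """Constructed tree: one owner-only file, one group/world-readable copy."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o700)
        # Hypothetical file names; the real store layout is not documented here.
        for name, mode in (("shared-account.hash", 0o600),
                           ("shared-account.hash.bak", 0o644)):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed placeholder, not a real hash\n")
            os.chmod(path, mode)
        return [(os.path.basename(p), r)
                for p, r in audit_private_tree(root, os.getuid())]

if __name__ == "__main__":
    for name, reason in demo():
        print(name, "->", reason)
```

An empty result means every entry under the folder is restricted to its owner; any finding points to a copy of the stored hash that other local accounts could read.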
If you require users to log in with their own account information, CPS prompts them for a
username and password. You can improve the user experience by creating FTP, SFTP, or
WebDAV accounts tied to your user directory service so that users do not have to know or
remember another password. If the CPS login is also tied to your user directory service, CPS can
automatically reuse the user’s CPS login information to open the connection and does not
prompt for a second password for connection information. The user can also have Contribute
remember the account username and password for future use.