22
Preparing Your Network and Installing Contribute
•
Roles you define within Contribute
Network permissions can be set in several ways through a variety of systems. Contribute always
adheres to the network permissions for read and write access to folders. It also obeys permissions
set through LDAP and similar systems. Contribute can never overwrite any server- or network-
level permissions.
Note:
The server’s network and operating system permissions, and the web server software’s
permissions, always take precedence over Contribute permissions.
Whenever you provide access to a web server, you should take precautions to ensure that the
operating system of the server hosting the site, as well as the web server software itself (and the
FTP server, if you are using FTP), are secure. For the best practices related to securing your
website from accidental and malicious tampering, see the documentation provided with your
server’s operating system, FTP, and web server software.
Note:
You can set folder permissions to allow a user or group of users to modify a folder and later
define more restrictive folder- or file-editing options when you define the Contribute user roles.
Understanding server access for connecting to CPS-managed websites
As an administrator, you should require that users enter their own account username and
password to log in when they use FTP, SFTP, or WebDAV to connect to a website managed by
CPS. This is a best practice and the default option. The alternative is to use a shared FTP, SFTP,
or WebDAV account for a website connection managed by CPS.
Requiring users to log in with their own account username and password provides an extra layer
of security. When you share a website connection that uses a shared account, the username and
password for the shared account are stored on the machine where CPS is installed. The password
is stored as a hash of the password in a non-browsable folder, and you can restrict access to this
folder. However, the password could be at risk if it is not a strong password. Therefore, it is
recommended that you not use shared account information for any CPS website connection, but
that you require users to log in with their own account information.
If you require users to log in with their own account information, CPS prompts them for a
username and password. You can improve the user experience by creating FTP, SFTP, or
WedDAV accounts tied to your user directory service so that users do not have to know or
remember another password. If the CPS login is also tied to your user directory service, CPS can
automatically reuse the user’s CPS login information to open the connection and will not prompt
for a second password for connection information. The user also has the option of having
Contribute remember the account username and password for future use.
As an administrator for a website managed by CPS, you can view or modify FTP, SFTP, and
WebDAV settings by editing the connection.
For more information see “Editing website connections” in Macromedia Contribute Help.
