Security and Docs2Web
Security set in Docs2Web
The Configure Docs2Web program allows you to specify whether or not a user must log-in to the website, have the ability to search all the groups they are a part of at one time or not, and log when a user views or saves a document to disk. This is described in detail in the Security Settings section of this help file.
The Docs2Manage program controls who can access the website. This works in conjunction with the settings set with the Configure Docs2Web program.
If a Docs2Web log-in is required, check the "User must Log-in to Website" check-box. This will mean that every user will require a log-in name and password. These users can be added or modified in the "Groups and Users" area under the security menu of Docs2Manage under the "All Users" tab. Besides adding the user(s), groups they have access to must be defined. This can be done in the "Joining Users to Groups" area also under the Security menu of Docs2Manage under the "Join User to Group" tab. Select the proper group from the drop-down and check the "Has Web Access" for the users to have access to the respective group on the web.
If a Docs2Web log-in is not required, uncheck the "User must Log-in to Website" check-box. Then all users will have the same access. However, specific groups can be selected to make public. These groups can be added or removed by checking or unchecking the "Has Web Access" field in the "Groups and Users" area under the Security menu of Docs2Manage under the "Security Groups" tab.
Website or Web Server Security
In addition to the security layer in Docs2Web, it is recommended that websites that requires a login and password, which are considered private, also secure their website with SSL (Secure Sockets Layer), especially if the websites are available to the Internet. This not only prevents that the login and password from being intercepted by a third-party, but the actual documents as well. It is recommended that the entire website use SSL (HTTPS). However, websites that are on the Internet that do not require a login have no need for SSL, since anyone can retrieve these documents through normal browsing activities.