Authentication options within HTML

Please post all questions relating to Help & Manual 6 here!

Moderators: Alexander Halser, Tim Green

Post Reply
User avatar
Aitch
Posts: 544
Joined: Thu Jun 10, 2004 4:52 pm
Location: Manchester, UK

Authentication options within HTML

Unread post by Aitch »

Hello all! remember me? :)
(you still can't get rid of me!).

Anyhoo - we had our annual PA-DSS testing, and the only complaint with our software is that the HTML (which is hosted on static pages), needs authentication as anyone with the link can access the help file without needing the software. Which they say can pose as a security risk.

I don't know all the technical jargon, but I'm sure that's the general idea of their complaint.

Is there a way we can add authentication on the HTML so it has to go through the software to be accessed?

ps. I'm just waiting for my upgrade to V7 to come through.

Thanks a lot
Heidi
Version 9.0.3 Build 6380

---------------------------------------------------------------------
Always check your spellar and gramming before you publish!
User avatar
Tim Green
Site Admin
Posts: 23143
Joined: Mon Jun 24, 2002 9:11 am
Location: Bruehl, Germany
Contact:

Re: Authentication options within HTML

Unread post by Tim Green »

Hi Heidi,

Because of the way websites work authentication is only possible on the web server. You need to have the WebHelp stored in a protected folder on the server and provide access through a login system running on the server. Login access control is not the kind of thing that can be provided by an authoring program like Help & Manual because you need server-side security control, authentication, strong encryption, a strong database of user names and passwords etc. etc.

This is also the only way to provide different versions to different user groups on web servers: You generate different WebHelp versions of your documentation for your different user groups. This is easy to create with Help & Manual, thanks to its extensive conditional output features that allow you to create different versions of your projects with different content and even completely different tables of contents with different structures. Then you store each version in a different location on your web server and use your existing user login system to direct users from each group or category to the appropriate versions. Then there is also no question of users being able to access inappropriate content, because only the content that they are meant to see is in the version they are accessing; there is nothing else to find.
Regards,
Tim (EC Software Documentation & User Support)

Private support:
Please do not email or PM me with private support requests -- post to the forum directly.
User avatar
Aitch
Posts: 544
Joined: Thu Jun 10, 2004 4:52 pm
Location: Manchester, UK

Re: Authentication options within HTML

Unread post by Aitch »

thank you for your reply Tim.
I'll discuss this with the developers.
Version 9.0.3 Build 6380

---------------------------------------------------------------------
Always check your spellar and gramming before you publish!
Post Reply