- Features by Edition
- Latest Features
- Licensing/Activation
- Installation
- Getting Started
- Data Sources
- Deployment/Publishing
- Server Topics
- Integration Topics
- Scaling/Performance
- Reference
- Specifications
- Video Tutorials and Reference
- Featured Videos
- Demos and screenshots
- Online Error Report
- Support
- Legal-Small Print
- Why Omniscope?
|
|
|||||
Web Access ControlControlling Web Access to Omniscope filesOmniscope IOK files permissioned the same as web pagesHTTP authentication is part of the Internet HTTP protocol and is a system for restricting access to any web resource (such as a page, set of pages or area, or (in the case of an Omniscope IOK file, any downloadable file). HTTP Authentication usually entails a pop-up prompt from the web server asking for for username and password, but should not be confused with a log-in page on a website where there is a username and password form displayed on the page itself. HTTP URLs can be pre-encoded with the authentication information if needed, in the standard format: "http://user:password@www.site.com/xyz" ...and if the credentials are incomplete or incorrect, the browser or application will prompt for username and password. Normally, HTTP authentication will be used in conjunction with HTTPS (encrypted HTTP) for added security, although this is not mandatory. Omniscope supports options to use HTTP authentication to control access to data file in two ways; hosting and server permissioning, with the additional, tigher requirement imposed by domain-locking. Option 1: Authenticating your hosted Omniscope IOK filesYou can host your IOK files on your own web server securely using HTTP authentication. If the Omniscope IOK file is downloaded through the browser, the user will be prompted to enter their credentials before being able to download the Omniscope file. This standard facility is provided by the browser and the web server, not by Omniscope, although in the case that Omniscope's internal browser is used to access a URL directly, using for example File > Open > Open from web, Omniscope will prompt the user directly for the username and password required to obtain the file. Of more interest is the ability of a downloaded Omniscope IOK file to be configured to refresh data from any online resource with HTTP authentication. For example, a locally saved IOK file containing a user's views and layouts can be configured to refresh-on-open from an HTTP-authenticated source, such as another IOK file or a CSV data file. On opening the local file, Omniscope requests a username and password and supplies these to the server. The server responds with the updated data, which may be personalised extracts tailored to that username. Omniscope then displays the updated data using the refreshed local IOK file's configured views and layout. Option 2: Web authentication of Omniscope IOK files however obtainedEven if the file has not been obtained by download for your own website...perhaps becasue it has been forwarded by e-mail, or folder synchronisation service like DropBox, GDrive etc. assuming you have Server Edition or higher, you can still configure your IOK file to use "server permissioning". Server permissioning (if configured) is a second check that Omniscope performs before allowing you to open, view and explore the file. This option is applied using the Save-as dialogue file security settings available in Server Editions or higher. To configure, you must supply an arbitrary HTTP/HTTPS URL which requires authentication. On attempting to open a server-permissioned IOK file, however obtained, on your local machine, Omniscope will still prompt the file possessor for the username and password for that URL, just as if the Omniscope IOK file were a web page on a remote server. This allows you to restrict access to the IOK file according to the credentials required for any permissioned web server page you choose, and allows you to withdraw or change access rights to the IOK file even AFTER publishing your data. More detail on applying server-permissioing to control access to local Omnicope files is here. Option 3: Requiring Omniscope files to be downloaded only from your siteThe Domain-locking option enables commercial publishers and others to require that anyone trying to open their files must be logged in to their website, and ensures that stale copies of files cannot be saved locally and forwarded to others. Sensitive corporate data can be protected such that if users' web credentials are revoked via Active Directory/LDAP etc., they can no longer open or refresh any corporate Omniscope files they may still have copies of, because these files require http: authentication and are 'locked' to secure corporate domains. If an invalid user attempts to open a downloaded, forwarded, file-syched or otherwise locally-saved copy of a domain-locked file, Omniscope will not permit the file to open and will display an owner-configurable notice. More information on Domain locking Additional security options required: Owner-lockingLike password-protecting a file, Server permissioning and Domain locking options preventing unwanted users from opening a file, but depend on settings INSIDE the file, whereas HTTP Authetication on the web server does not. Therefore, once a secured Omniscope file has been successfully opened, a licensed Omniscope user can choose to save the file with internal security settings removed. To prevent this, you must also add the extra layer of security by applying 'Owner-locking' to the file. This file security setting is also available in the Save dialog in all Editions.
|