What is the "DAF File Access Controller"?
Overview
The main purpose of this new feature is to make it possible to grant or
deny access to files and directories without using NT permissions and without having
NT-specific rights.
The DAF File Access Controller adds two notions to the previous DAF
release:
- The notion of DAF Groups: each web user can belong to one or several DAF
groups.
- The notion of DAF permission: for each file or directory, access rights
can be set for one or several DAF Groups.
How is the group information for a web user defined?
- With an ODBC database: there is an extra SQL column where the group information for each
web user will be stored.
- With a TEXT database: the group information is included in the line defining a web user.
The following example defines the web user "Thomas" with these properties:
- web password: pass
- NT user mapped: john
- NT password mapped: goodboy
- belongs to DAF groups: "grp1", "grp2" and "grp3"
- account expiration date: 1998-10-20
------------------------------------------------------------------------
thomas:pass,john:goodboy#grp1;grp2;grp3,1998-10-20
------------------------------------------------------------------------
How are the defined permissions used by the DAF File Access Controller?
Rights for a directory are set through a simple text file (DAFAUTH.INI)
copied into each directory to be protected.
For example, let's say we have a directory "wwwroot/daily"
including four files: INFO.HTM, NEWS.HTM, FREE.HTM and the permission file DAFAUTH.INI.
------------- begin file DAFAUTH.INI -----------------
[Directory]
group1=disable
group2=enable
[news.htm]
group3=disable
group4=enable
[free.htm]
everybody=enable
------------- end file DAFAUTH.INI -----------------
With this configuration:
- All users will have access to file FREE.HTM, since this file has the
permission "everybody=enable"
- All users who belong to group "group1" will NOT have access to
file INFO.HTM (Since the file permission for INFO.HTM is not specifically defined,
permission for Directory is used.)
- All users who belong to group "group2" will have access to file
INFO.HTM (Since the file permission for INFO.HTM is not specifically defined, permission
for Directory is used.)
- All users who belong to group "group3" will NOT have access to
file NEWS.HTM (specific permission for NEWS.HTM: group3=disable).
- All users who belong to group "group4" will have access to file
NEWS.HTM (specific permission for NEWS.HTM: group4=enable).
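The user line and the DAFAUTH.INI shown above, evaluated in Python as an added example (this is not DAF's own code). The field layout is inferred from the sample line; treating a file section as replacing [Directory], letting "disable" win when a user's groups conflict, and returning None when no rule names the user's groups are assumptions the page does not settle.

```python
import configparser
from datetime import date

# Constructed sample inputs, copied from the examples on this page.
USER_LINE = "thomas:pass,john:goodboy#grp1;grp2;grp3,1998-10-20"
DAFAUTH_INI = """\
[Directory]
group1=disable
group2=enable
[news.htm]
group3=disable
group4=enable
[free.htm]
everybody=enable
"""

def parse_user_line(line):
    """Split a TEXT-database line into its fields (layout inferred from the sample)."""
    web, mapped, expires = line.strip().split(",")
    web_user, web_password = web.split(":", 1)
    nt_part, _, groups = mapped.partition("#")
    nt_user, nt_password = nt_part.split(":", 1)
    return {
        "web_user": web_user, "web_password": web_password,
        "nt_user": nt_user, "nt_password": nt_password,
        "groups": {g.lower() for g in groups.split(";") if g},
        "expires": date.fromisoformat(expires),
    }

def load_rules(ini_text):
    """Return {section name (lowercased): {group: 'enable' | 'disable'}}."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    return {s.lower(): {g: v.strip().lower() for g, v in cp[s].items()} for s in cp.sections()}

def is_allowed(rules, filename, groups):
    """True/False for a decision; None when no rule names any of the user's groups."""
    name = filename.lower()
    if name == "dafauth.ini":          # the permission file is never served
        return False
    # Assumption: a file section, when present, replaces the [Directory] section.
    section = rules.get(name, rules.get("directory", {}))
    verdicts = {v for g, v in section.items() if g == "everybody" or g in groups}
    if "disable" in verdicts:          # assumption: disable wins over enable
        return False
    return True if "enable" in verdicts else None
```

A None result marks the cases this page leaves open, such as a "group1" user requesting NEWS.HTM; a deployment should confirm how DAF resolves them before relying on the rules.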
Important remarks:
- Since permissions are set through a text file, an NT user only needs the
NT permission "write" to grant or deny access to files or directories.
In other words, if you offer web site hosting, your customers will be
able to easily manage permissions for their web site.
- DAF File Access Controller manages access to files and directories only
if they are requested through HTTP/IIS.
- All features available with previous releases of DAF are still available
in DAF 3.5 and newer. DAF 3.5 can be used with the same configuration as 3.1.
- The file DAFAUTH.INI can never be downloaded through HTTP/IIS. This is
true regardless of user name and password.