Password protecting files / restricting file visibility

This article explains file visibility and password protection in Finalsite's legacy File Manager, including the difference between Public and Private Files folders and why password-protecting a page doesn't secure a directly linked public file.

💡Quick answers

  • Are files in the Public Files section of File Manager restricted? No, any site visitor with the file URL can access them; this is intentional so files can be placed on pages without breaking or showing missing-file errors.
  • What's the difference between Public Files and Private Files? Public Files are accessible to anyone with the URL, while Private Files are visible only to users logged into the website.
  • Can password protecting a page also protect a linked file? No, if the linked file lives in Public Files, someone can still access it directly by typing its URL, bypassing the password-protected page entirely.
  • Is this article about the current Resources module or something else? It covers the legacy File Manager product; Finalsite recommends using the newer Resources module instead, which is available from the folder icon in left navigation.
  • Can a file itself be password protected rather than the page? Yes, file types like Excel spreadsheets and Word documents can be password-protected within the program that created them, letting anyone download the file but not view its contents without the password.

This article refers to our legacy product, File Manager. For the best Finalsite experience, we recommend using our newest product, Resources, which is already available to you in left navigation by clicking on the folder icon. Learn more at "Resources overview."

Files uploaded to the "Public Files" section of File Manager do not have any inherent accessibility restrictions.

Any site visitor can access these files, provided they have the file URL. This is deliberate; it means that any file in File Manager can be dropped onto a site page without breaking it or showing a 'missing file' placeholder.

As a result, any file stored in the "Public Files" section is, well, public. These files are visible to the internet at large.

Files that are saved in the "Private Files" section of File Manager are restricted. These files are visible only to users who are logged into the website. Public users cannot see or access those files.

It's possible to password protect a page, and then link to a file from that page. It's important to make the distinction though that this will only limit users from accessing that particular page. If the linked file is stored in the "Public Files" section of File Manager, it's still possible for a user to access that file directly, bypassing the password-protected page. The user would simply have to type the full URL of the file into their browser. This means they would need to know (or guess) the file name and the path to the directory where it's saved. There are tools available which could automate that process, which means that simply relying on obscurity by not publicizing the file name/file path would NOT prevent an arbitrary user from finding the file in question.

Certain file types, such as Excel spreadsheets and Word documents, can be password-protected from within the program that created them in the first place. Anybody would be able to download the file and open it up, but without the password they wouldn't be able to see its contents. This would be a reasonable way to easily distribute the file without revealing its contents to unauthorized users. 

Was this article helpful?
4 out of 4 found this helpful

Comments

0 comments

Please Sign in to leave a comment if you don't see the comment box below.