- Features by Edition
- Latest Features
- Licensing/Activation
- Installation
- Getting Started
- Data Sources
- Deployment/Publishing
- Server Topics
- Integration Topics
- Scaling/Performance
- Reference
- Specifications
- Video Tutorials and Reference
- Featured Videos
- Demos and screenshots
- Online Error Report
- Support
- Legal-Small Print
- Why Omniscope?
|
|
|||||
Domain LockingControlling Access to IOK files by OriginEnsuring that Omniscope files cannot be forwarded or sharedDomain-locking is a powerful and effective file security and revenue protection feature. Whereas Omniscope IOK files are normally free-standing and easily transferred (by e-mail attachment, FTP posting/downloading from web portals/pages/blogs, via folder synchronisation services like GDrive & Dropbox, etc.), domain-locked Omniscope files have the additional restriction that they must be opened directly from one and only one originating website download, meaning that the user attempting to open the file must have a current, valid User ID and Password credentials for the originating website to which the IOK is 'domain-locked'. The Domain-locking option enables commercial publishers and others to require that anyone trying to open their files must be logged in to their website, and ensures that stale copies of files cannot be saved locally and forwarded to others. Sensitive corporate data can be protected such that if users' web credentials are revoked via AD/LDAP etc., they can no longer open or refresh any corporate Omniscope files they may still have copies of, because these files require http: authentication and are 'locked' to secure corporate domains. If an invalid user attempts to open a downloaded, forwarded, file-syched or otherwise locally-saved copy of a domain-locked file, Omniscope will not permit this and displays this notice:
Applying Domain Locking to an Omniscope fileIn order to domain-lock a particular file, please follow the steps listed below:
Defining the domain restrictionThe domain restriction is a text string that specifies the top-level domain of the website you want to lock the file to. Do not enter the full web address; anything beyond just the domain will not work. For example, if you were to enter the domain "visokio.com", this would restrict the IOK file so it would only open from URLs such as: "http://visokio.com/any/aaa/bbb/ccc/file.iok" "http://www.visokio.com/any/path/to/file.iok" "http://www2.visokio.com/file.iok"
If you were to enter "subdomain.visokio.com", this would restrict the .IOK/.IOM file so it would only open from URLs such as: "http://subdomain.visokio.com/any/aaa/bbb/ccc/file.iok" "http://www.subdomain.visokio.com/any/path/to/file.iok" "http://www2.subdomain.visokio.com/file.iok" Linking to domain-locked filesIf you create a link directly to the domain-locked .IOK/.IOM file, this will not work, because the user's web browser downloads the file to a temporary location before starting Omniscope and opening the local copy. You can test that domain locking is working by starting Omniscope and choosing Open from the web from the Open file dialog, then pasting the full URL to the .IOK/.IOM file such as "http://visokio.com/any/aaa/bbb/ccc/file.iok". To create a smoother experience for the user, it is best to create a Visokio .ILF file on the server which references the domain-locked IOK/IOM file as follows:
Example:Here is a working example of domain-locking a file, testing the lock, than using an .ILF file link to provide access from HTML pages. Note: this demo visokio.com domain hasn't been password protected. Your domain generally will be password-protected.
Testing the domain-locked locked-status:
http://www.visokio.com/files/Resources/OUGuide/453_FileSecurity/Bond_prices_domain_locked.iok
Best practice is to link the user to the file via an Omniscope .ILF file constructed as described above:
Click here to download the .ILF file pointing to the domain-locked file.
|
