Web Folder Security

Web Folder functionality was previously called Simple File Networking (SFN).

This page outlines best practices for securely operating a Web Folder server for BrightSign players.

Authentication

We recommend password-protecting the Web Folder directory to prevent a third party from retrieving presentation content. There are two types of HTTP authentication supported by the Web Folder protocol:

  • Digest Authentication: Negotiates with the server using a hashed password. This is the recommended authentication method.

  • Basic Authentication: Negotiates with the server using an un-hashed password. Because the password is vulnerable to interception, you should only use this method if Digest authentication cannot be implemented on the server.

To enable Digest authentication on a player, enter a User name and Password under Web Folder Authentication during the player Setup process. Digest authentication is used by default—if you wish to use Basic authentication instead, you must check the Enable basic authentication box.

If the player is already set up without authentication, you will need to perform player Setup again to enable authentication.

Directory Indexing

If you cannot password-protect the directory containing BrightSign content and presentation files (i.e. the Web Folder URL specified during device setup), you should restrict indexing of this directory. This will prevent search engine crawlers from making an index of your presentation files publicly searchable and viewable.

  • Apache: Include the "Options -Indexes" line in either the <Directory> directive or in the .htaccess file stored in the directory.

  • Windows Server (IIS): See this page for instructions.

  • Nginx: See this page for instructions.
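
One way to confirm both recommendations from the server side is to look at what an unauthenticated GET of the Web Folder URL returns. The following is an added example, not BrightSign code: the function names, finding labels and sample responses are constructed for illustration, and the listing markers are a heuristic for default Apache, nginx and IIS listing pages.

```python
import re

# Strings that default auto-generated listings contain (heuristic, not exhaustive):
# Apache mod_autoindex and nginx autoindex titles, and the IIS parent-directory link.
LISTING_MARKERS = re.compile(r"<title>\s*Index of /|\[To Parent Directory\]", re.I)
QUOTED = re.compile(r'"(?:[^"\\]|\\.)*"')
# A challenge starts with a scheme token that is not immediately followed by "=".
SCHEME = re.compile(r"([A-Za-z][A-Za-z0-9_-]*)(?:\s+(?![\s=])|$)")

def auth_schemes(values):
    """Return the lower-cased auth schemes offered across WWW-Authenticate values."""
    schemes = set()
    for value in values:
        # Blank out quoted strings first so commas inside a realm cannot split a challenge.
        for part in QUOTED.sub('""', value).split(","):
            m = SCHEME.match(part.strip())
            if m:
                schemes.add(m.group(1).lower())
    return schemes

def audit_response(status, headers, body=""):
    """Findings for an unauthenticated GET of the Web Folder URL.
    headers is a list of (name, value) pairs; body is the decoded response text."""
    findings = []
    schemes = auth_schemes(v for k, v in headers if k.lower() == "www-authenticate")
    if status == 401:
        if "digest" not in schemes:
            findings.append("digest-not-offered")
        if "basic" in schemes:
            findings.append("basic-offered")  # password would be exposed to interception
    elif status == 200:
        findings.append("no-authentication")
        if LISTING_MARKERS.search(body):
            findings.append("directory-listing")
    return findings

# Constructed sample responses (not captured from a real server).
DIGEST_ONLY = (401, [("WWW-Authenticate",
    'Digest realm="Web Folder, Basic tier", qop="auth", nonce="c29tZW5vbmNl"')], "")
DIGEST_AND_BASIC = (401, [("WWW-Authenticate", 'Digest realm="wf", nonce="abc"'),
                          ("www-authenticate", 'Basic realm="wf"')], "")
OPEN_LISTING = (200, [("Content-Type", "text/html")],
                "<html><head><title>Index of /webfolder</title></head></html>")
OPEN_NO_LISTING = (200, [("Content-Type", "text/html")], "<h1>It works</h1>")

if __name__ == "__main__":
    for name in ("DIGEST_ONLY", "DIGEST_AND_BASIC", "OPEN_LISTING", "OPEN_NO_LISTING"):
        print(name, audit_response(*globals()[name]))
```

An empty result for a 403 or 404 on the directory only means no listing was served there; it says nothing about whether individual files under the URL require credentials.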