Security of files within Membership App

Aj_Cre8
Aj_Cre8 Member Posts: 628 MVP

So this has been a popular question, and I forgot to ask it during the webinar.

In terms of using the membership app to set up an intranet of sorts for a company, how does Duda handle the security of the files that are uploaded to those secure member-only pages?

I know that files are all uploaded to the global CDN and therefore if by some chance a specific search term is searched that file could be crawled and indexed and found on Google.

For my current client this is no good, as he is offering his dealers access to proprietary information about the products that they are selling for his brand. How can we ensure that his competitors can't get their hands on this information??

Best Answers

  • Sharon_Rubinstein
    Sharon_Rubinstein Member Posts: 7 Product Team
    Answer ✓

    Hey @Aj_Pfeil,


    Sharon from Duda product team here 👋,


    Adding on top of what @Michelle_V mentioned, the Membership pages are not crawled by any third-party bots such as Google. So, any protected files are not openly available through the web (unless they are also available in non-protected areas of the site).


    The files can indeed be accessed through the CDN, but this is mostly theoretical, because in order to get the CDN links a person needs to have access to the protected page itself (and in that case, he doesn't really need these links anyway, he can just download any assets to his computer).

  • Michelle_V
    Michelle_V Member Posts: 5 Duda Staff
    Answer ✓

    @Koo_Janzen wanted to add you to this conversation as it also answers your question from the training.

    @Aj_Pfeil to answer your other question regarding security from hacking: we are serving all our pages from the backend, so if someone isn't logged in they will not be able to access the pages. Our authentication infrastructure is built with modern security frameworks used in the industry that prevent hacking. Does this answer your security question?

Answers

  • Michelle_V
    Michelle_V Member Posts: 5 Duda Staff

    Hey Aj

    Thanks again for joining the training! The files will work the same as other files and live in the global CDN, so they can possibly be crawled. This is something the product team is working on to resolve. One option to ensure his competitors are not getting his files is to use business document-securing software such as Dropbox or Sharefile.

    https://www.dropbox.com/features/share/file-permissions

    https://www.sharefile.com/secure-file-sharing

    Additionally, I am still gathering more information on your other question about the backend security steps being done to prevent hacking on membership pages. Sorry for the delay.

  • Aj_Cre8
    Aj_Cre8 Member Posts: 628 MVP
    edited March 2022

    Thank you.

  • Aj_Cre8
    Aj_Cre8 Member Posts: 628 MVP
    edited March 2022

    So, crawling I guess wouldn't be that big of a deal. It was mentioned in the FB group that when called (if it was found) only a few snips of text could be found.

    I am more interested in knowing: if that link is clicked on from Google (in which case it would go to the global CDN URL for that file), would it be protected by the membership app and require a login??

  • Eva_Pettifor
    Eva_Pettifor Member Posts: 18 MVP

    @Aj_Pfeil thanks for adding this in here. I should note that when I mentioned, in the Facebook post, the snippets of text visible in the Google SERP for PDFs on a login page, I was actually referring to this happening to me some years ago on another platform, Adobe Business Catalyst - not Duda. My concern (as you mention above also) is that Duda's PDF links are going to be completely 'public', i.e. the file will be able to be opened.

    I still don't think it's acceptable to have the snippets of text coming up in the SERP results at all. With my example, that small amount of text actually revealed some confidential information even though the full file could not be opened.

    Glad Duda is looking into it, thank you @Michelle_V. Hopefully this security can be sorted within the Duda platform so membership pages are a complete solution without requiring a 3rd-party file manager. To go this extra step would be particularly cumbersome if a membership page had only a small number of files...