Links with authentication

You can include credentials in a link. Your options are:

• use the standard URL form http://USERNAME:PASSWORD@yourIpOrDomain/someFolder/

  This is a good option if you want to point to single files or use command-line tools like curl or wget. Be sure you are using HTTPS because otherwise your password can be easily read by techies. It doesn't work with folders because modern browsers don't send credentials at first; they require the server to respond with "basic" authentication, which is incompatible with HFS's own safer authentication (unless you are using a legacy browser).

• use this form http://yourIpOrDomain/someFolder/?login=USERNAME:PASSWORD

  Not standard, but a good alternative.

Be sure you are using HTTPS because, in both cases, your password can be easily read by techies.

Disabled accounts

What happens when you disable an account?

• if a user is disabled, it cannot log in
• if all the groups of a user are disabled, then it cannot log in (even if the user itself is not disabled)
• a user won't inherit permissions from a group if this group is disabled

Groups

Important facts:

• an account can be member of multiple groups;
• a group can be member of another group.

Trivia

While the interface displays groups and users, HFS internally treats groups as accounts without passwords, making them unable to log-in; internally, there is no distinct group entity. This means that, technically, any account can belong to another, user or group. HFS only utilizes password authentication during login, and disregards it when managing memberships. While the interface won't allow it, you could make a user member of another user by editing the config file.