WEBDEV Concepts

226 Part 8: Hosting WEBDEV sites The "Miscellaneous" section includes the following options: • Email management: If the "Disable mail spool" option is unchecked, your sites will be able to send emails without blocking the execution of the different processes (asynchronous mode). The asynchronous mode must be enabled when starting the email session (with EmailStartSMTPSession or EmailStartSession ). If the asynchronous mode is enabled, all outgoing emails will be redirected to a "Spooler". Emails are queued up before being sent. Executing Email functions does no longer block the rest of the program. EmailStatus is used to determine the status of an email. Remark : If the WEBDEV administrator is closed, the email spooler is cleared: pending emails are not sent and are removed from the spooler. If "Disable mail spool" is checked while there are pending emails, these emails will not be lost: the administrator continues to send them, but the spooler will not accept any new emails. Caution : The asynchronous mode can only be used when starting a session on an SMTP server ( EmailStartSMTPSession to send emails or EmailStartSession ). This mode is ignored in the other cases. • Management of Sockets: If the "Allow server sockets" option is checked, your sites will be able to handle server sockets (via Socketxxx WLanguage functions). • If the Prevent from changing IP while browsing option is checked, the IP address associated with the session cannot change while browsing. This is used to protect against "session hijack" attacks (attack that consists in pretending to be a legitimate user connected to the server). • Don’t allow access to AWP context identifiers from JavaScript : In an AWP site, the site context is stored on the server. The identifier of this context is sent and stored in the browser via a cookie. If "Prevent access to AWP context identifiers from JavaScript" is checked, the type of cookies used will be "HTTPOnly", which cannot be read from JavaScript code. This mode protects against XSS attacks (Cross-Site scripting). By default, the access to the AWP context identifiers is not allowed from JavaScript. • Managing fCopyFileWebFolder and fDeleteFileWebFolder : The "Allow the fCopyFileWebFolder and fDeleteFileWebFolder functions" option must be checked if these functions are used in the website. These functions are mainly used to include images found in the data directory in the directory of site images (images uploaded then made available to the users, for example). Caution: The copy is taken into account by the WEBDEV administrator on the server (WD300ADMIN.EXE). The Windows account running it must have sufficient rights to the target location of the copy. • The option "Require a secure connection (https) for the remote administration sites" allows you to use the remote administration sites provided with WEBDEV in secure mode. The affected management sites are: • the remote WEBDEV administrator, • the remote HFSQL administrator, • the remote SaaS administrator. 2.7 Setups/Accounts The "Setups" tab allows you to: • Configure the server for the site setups and updates. • Manage the log of setups. Setup/Update These options are available in deployment version. They allow the hosting provider to authorize and configure the site setups and updates remotely. The "Lock server (for update)" option simplifies site updates, by preventing any new connections. When new users try to connect to one of the sites on the server, they receive a message indicating that the site is temporarily unavailable and asking them to try again later. Web users who are already connected can continue to use the current WEBDEV site. With the "The root of the "http[s]://<server>/" server lists the installed applications" option, the administrator can authorize the use of the "http[s]://<server>/" syntax to list the sites on the server. In this case, the "http[s]://<server>/" syntax shows a page with a link to each site installed on the server.