As many of you already know, for security reasons there is no anonymous user in Syncplify.me Server!, and that is a design choice our team made long time ago in order to reduce the potential attack surface of our software.
Yet, some of our customers have requested if it is possible to configure a user profile to behave as an anonymous-like one. Good news! If you are running either one of our “Plus” versions, you can! Here is how.
Step number 1 is creating a standard user profile, for the sake of this example the username has been set to “anonymous”. Make sure to set a strong password, and then set the root directory and access permissions to whatever fits your needs (see screenshot below):
Now let’s create an authentication script. This is a very short script that will check the password and decide whether to let the user log in, or reject his/her access request. The script here below is a very simplistic example, but you can customize it to fit your needs:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
begin if Lowercase(Session.ReqUsername) = 'anonymous' then begin AddToLog('Anonymous user requests login with password: '+Session.ReqPassword); if ((Lowercase(Session.ReqPassword) = 'first_passwd') or (Lowercase(Session.ReqPassword) = 'passwd#2')) then begin AddToLog('Access granted'); Session.UserAuthenticated := true; end else begin AddToLog('Access granted'); Session.UserAuthenticated := false; end; end; end. |
Last, but most important step, is to associate the above script to the “on password authentication” event inside the user profile, as shown here below:
Now, every time this particular user will request to authenticate (log in) via password, the script will be run, it will check if the password matches any of the allowed passwords, and – if so – access will be granted, otherwise access will be denied, and every step of the process will be added to the log file.