Syncplify.me Server! v4.1.6 released

We have just released version 4.1.6 of our Syncplify.me Server! software. This version features the following improvements:

  • Fixed: bug in the REST server that caused outbound connections to be attempted even when the server was working “offline”
  • Experimental: VFS.ImportFile and VFS.ExportFile functions to import and export files into/out-of the current VFS from inside event-handling scripts (with support for both plain and encrypted VFS types)

Warning: upgrading to this version from any version prior to 4.0.34 will invalidate your license, so please if you are a customer – before you upgrade – contact us to request a license reset.

Note: if after the update you notice any unexpected behavior in the web interface, just hit Ctrl-F5 in your browser; that will force the browser to reload the page as well as all back-end scripts and update the ones that may have been cached from previous versions of the software.

As usual you can download this new release from our website.

HTTPS “connection not private/secure” – what it is?

Syncplify.me Server! version: 4.0.0+

After installing Syncplify.me Server! v4.0 you will be able to manage it securely via web interface over HTTPS.

Now, a very common choice is to use a self-signed certificate, because it saves money and if you know what you’re doing it doesn’t compromise security. This is, in fact, the most common choice among our users (according to our surveys).

But if you use a self-signed certificate, your browser will warn you that your connection may not be private or secure. That’s because self-signed certificates are often used for man-in-the-middle (MitM) attacks. But this is not the case, of course, if you can verify that this particular self-signed certificate was created by you and for you.

To get rid of this annoying message, you basically have 2 options:

  1. Spend some money to buy a trusted X.509 (SSL/TLS) certificate from a Certification Authority like DigiCert, Comodo, Thawte, and the like. It goes without saying that this is the recommended choice, as it takes advantage of the inherent trust chain provided by the Certification Authority.
  2. Verify and accept the self-signed certificate you have just created and add it to the trusted keychain of your browser. In this case you are advised to always verify the certificate’s fingerprint to make sure it’s really the one you created yourself, and that you’re not a victim of a Man-in-the-Middle (MitM) attack.

Continue reading