Macromedia CONTRIBUTE 4 User Manual
4
™
Contribute
®
Adobe
Deploying Contribute and Contribute Publishing Server
© 2006 Adobe Systems Incorporated. All rights reserved.
Contribute™ 4 Deploying Contribute and Contribute Publishing Server
If this guide is distributed with software that includes an end-user agreement, this guide, as well as the software described in it, is
furnished under license and may be used or copied only in accordance with the terms of such license. Except as permitted by any
such license, no part of this guide may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means,
electronic, mechanical, recording, or otherwise, without the prior written permission of Adobe Systems Incorporated. Please note
that the content in this guide is protected under copyright law even if it is not distributed with software that includes an end-user
license agreement.
The content of this guide is furnished for informational use only, is subject to change without notice, and should not be
construed as a commitment by Adobe Systems Incorporated. Adobe Systems Incorporated assumes no responsibility or liability
for any errors or inaccuracies that may appear in the informational content contained in this guide.
Please remember that existing artwork or images that you may want to include in your project may be protected under copyright
law. The unauthorized incorporation of such material into your new work could be a violation of the rights of the copyright
owner. Please be sure to obtain any permission required from the copyright owner.
Any references to company names in sample templates are for demonstration purposes only and are not intended to refer to any
actual organization.
Adobe, the Adobe logo, Breeze, Contribute, Dreamweaver, Flash, Flash Player, JRun, and Reader are trademarks of Adobe
Systems Incorporated. Mac OS is a trademark of Apple Computer, Inc., registered in the United States and other countries.
Solaris is a trademark or registered trademark of Sun Microsystems, Inc. in the United States and other countries. Windows is
either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries. All other
trademarks are the property of their respective owners.
Opera ® browser Copyright © 1995-2002 Opera Software ASA and its suppliers. All rights reserved. - Patents for product and
any other Adobe products on CD, including tryout versions
Adobe Systems Incorporated, 345 Park Avenue, San Jose, California 95110, USA
Notice to U.S. government end users. The software and documentation are “Commercial Items,” as that term is defined at 48
C.F.R. §2.101, consisting of “Commercial Computer Software” and “Commercial Computer Software Documentation,” as such
terms are used in 48 C.F.R. §12.212 or 48 C.F.R. §227.7202, as applicable. Consistent with 48 C.F.R.. §12.212 or 48 C.F.R.
§§227.7202-1 through 227.7202-4, as applicable, the Commercial Computer Software and Commercial Computer Software
Documentation are being licensed to U.S. Government end users (a) only as Commercial items and (b) with only those rights as
are granted to all other end users pursuant to the terms and conditions herein. Unpublished-rights reserved under the copyright
laws of the United States. Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA. For U.S.
Government End Users, Adobe agrees to comply with all applicable equal opportunity laws including, if appropriate, the
provisions of Executive Order 11246, as amended, Section 402 of the Vietnam Era Veterans Readjustment Assistance Act of
1974 (38 USC 4212), and Section 503 of the Rehabilitation Act of 1973, as amended, and the regulations at 41 CFR Parts 60-1
through 60-60, 60-250 ,and 60-741. The affirmative action clause and regulations contained in the preceding sentence shall be
incorporated by reference.
Contents
Chapter 1: Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Understanding Contribute user management models . . . . . . . . . . . . . . .5
Common website configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
Deployment roles and responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Deployment tasks checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Chapter 2: Preparing Your Network and Installing
Contribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Preparing your web server before you deploy . . . . . . . . . . . . . . . . . . . . . 17
Planning your Contribute site structure and connection path. . . . . . . 22
Installing Contribute and creating an administrative connection . . . . 30
Installing Contribute Publishing Server (Optional) . . . . . . . . . . . . . . . . 32
Chapter 3: Configuring Contribute and Contribute Publishing
Server to work with your website. . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Configuring Contribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Configuring Contribute Publishing Server (CPS only) . . . . . . . . . . . . . 48
Enabling Contribute websites to work with CPS (CPS only) . . . . . . . 55
Adding users to your website (CPS only) . . . . . . . . . . . . . . . . . . . . . . . . .57
Deploying Contribute and website connections . . . . . . . . . . . . . . . . . . 59
Deploying Contribute across an organization . . . . . . . . . . . . . . . . . . . . 63
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
3
4Contents
CHAPTER 1
Overview
Adobe® Contribute™ is a website editor that lets people connect to departmental and other
websites so that they can update web page content. Administrative assistants, product managers,
human resource managers, and other people in an organization can use Contribute to update
their team website without having to contact a web team or other departmental resources.
For larger organizations, you can optionally use Adobe® Contribute™ Publishing Server (CPS)
with Contribute. CPS is a user management and publishing solution that lets Contribute
administrators manage large groups of Contribute users and monitor what those users do on the
website.
This chapter, intended for website administrators and IT professionals, gives you valuable
information you need before you deploy Contribute, and optionally CPS, in an organization. It
explains the Contribute user management models for using Contribute alone or with CPS, shows
scenarios for setting up Contribute in a variety of IT environments, and lists the people and the
various tasks involved in successfully deploying Contribute.
This chapter contains the following sections:
• “Understanding Contribute user management models” on page 5
• “Common website configurations” on page 9
• “Deployment roles and responsibilities” on page 14
• “Deployment tasks checklist” on page 15
Understanding Contribute user management models
User management lets you add and remove user access to websites and create user roles that
restrict editing privileges in a site. User management also provides a mechanism that lets users
easily connect to a website.
Contribute has two user management models: manual site connections using Contribute only
and managed site connections using Contribute plus the CPS User Directory service.
Manual connections let you communicate connection information to users, who then create
their own connections, either by entering connection information in the Connection Wizard or
by importing a connection-key file that you give them.
5
This user model works best for smaller workgroups and organizations. It allows you to quickly set
up Contribute, create a connection to your website, define the necessary user roles, generate
connection information for the website connection and user role, and send the information to
users in the form of a connection-key file.
Managed connections lets you use CPS to integrate Contribute with your organization’s LDAP
or Active Directory services, letting you add and remove user access to a website and modify user
roles without having to resend connection-key files to users. You can also create a file-based
database, using an XML file to manually enter user names and passwords.
CPS is intended for larger organizations that have several Contribute users to manage. CPS lets
you add and remove users from websites and roles without having to resend connection
information. When you create a connection to a website that uses CPS, you add users to a list that
grants access to a given website and user role. When users access the website, CPS prompts them
for a user name and password. After they enter their user name and password, they are granted
access to the website and the role you’ve assigned to them.
To use CPS, you must have a J2EE application server such as Adobe® JRun™ 4.5 installed. To
learn about other CPS functionality, see “Using Contribute Publishing Server with Contribute”
on page 6. For more information about getting CPS for your organization, see the CPS website at
www.adobe.com/products/contribute/server/.
Using Contribute Publishing Server with Contribute
Using Contribute Publishing Server (CPS) with Contribute creates a powerful solution for
managing and maintaining your website.
CPS is a J2EE-based server application that lets you centrally manage large groups of Contribute
users. CPS includes the following services:
User Directory service is a user management solution that lets you integrate Contribute with
your organization’s user directory to easily manage and authenticate users.
E-mail Notification service lets you automatically notify users about changes to web pages in
the draft review process.
Log service lets you monitor website activity so that you can easily troubleshoot problems.
CPS also has two other services that you can extend to meet your needs or use as they are:
Simple File Deployment service enables you to easily move files from a staging or testing
server to a live server.
RSS Activity Feed service produces a syndication feed that lists changes that occur in any
folder on your website.
The biggest advantage to using CPS is the ability to integrate your organization’s user directory
services (such as LDAP or Active Directory) with Contribute. This gives you individual control
over which user is granted access to a particular website and the role to which they are assigned.
6Overview
Consider a large organization with several decentralized websites. In addition to a public-facing
site that provides information about the organization, several internal sites are in use by individual
departments and workgroups. The organization uses LDAP as both a directory service that lets
users look up other employees as well as an authentication service through which administrators
set permissions that limit users’ access to file-sharing servers and other network resources.
Unlike sites that don’t use CPS to manage users, when a user logs in to a CPS website, the User
Directory service retrieves the connection information associated with that user, and provides
access to the sites that the administrator assigned. By maintaining site connection information in
the User Directory, administrators can add or remove access to websites without having to resend
connection information.
This example provides a partial listing of employees from an organization’s user directory. The
employees, their workgroup affiliations, and the sites they can access are listed in the following
table:
User Workgroup Websites
John Lydon Product Management Sales, Production, Marketing
Malcolm McClaren Product Management Sales, Production, Marketing
Martin Atkins Marketing Marketing
Keith Levine Sales Sales
John Savage Production Production
Laura Logic Web Design Sales, Production, Marketing
Jah Wobble Contribute Administrator Sales, Production, Marketing
Although this user list is oversimplified, it demonstrates one possible scenario for the way that
users within an organization might be assigned access to websites. This scenario divides users
according to their role within the organization, and assumes that they have full editing and
publishing privileges in their respective sites. Certain users have access to all the sites. For
example, the product managers, John Lydon and Malcolm McClaren, work with all the teams in
developing and launching products, and need to contribute to all the sites.
Likewise, web designer Laura Logic and Contribute administrator Jah Wobble have access to all
sites. As the web designer, Laura provides templates that are easy to add content to and that fit the
needs of users collaborating internally. The templates she maintains include those for taking
meeting minutes, for scheduling, and for providing product specifications, marketing launch
plans, and sales projections, to name a few. Laura also collaborates with Jah Wobble, the
Contribute administrator, to help determine the editing and publishing privileges for individual
users and roles.
Understanding Contribute user management models 7
DIRECTORY SERVICE
Users... John Lydon, Martin
Atkins, Keith Levine, Laura...
User list input from directory
service (LDAP, Active Directory)
PUBLISHING SERVICE
SERVER
User Directory manages users
and their connections
Sales
Marketing Manufacturing
CPS integrates with the organization’s LDAP service, which authenticates user access to various
network resources. In this case, the LDAP authentication is the first step in granting access to
websites hosted on various servers within the organization. The Contribute roles further define
user privileges in a website, determining the degree to which users can modify pages in the site.
Common website configurations
Before you deploy Contribute, consider various scenarios for setting up Contribute for large or
multi-team organizations.
8Overview
This section describes three primary configurations for you to consider as you set up a Contribute
site.
Single website on one webserver Typically, this is a website where users have read access to
the root of the site and read/write access to specific folders in the site as controlled by the file
server or network permissions. There is a single root folder and all users access the site by using
the same Contribute connection. If this applies to your site, see “Deploying Contribute for a
single website with one webserver” on page 9.
Multiple websites on one webserver This structure has a single root folder. The root folder
contains folders for each section or organizational function in the website. Contribute roles are
used to control user access to particular folders on the site and to assign a subset of the
common templates used on the site. Although not required, file server permissions are usually
used in addition to Contribute roles to restrict user access to sections of a site. If this applies to
your site, see “Deploying Contribute for multiple websites on one webserver” on page 11.
Website on a staging server and a live server Many websites use a staging web server with
their production web server. Staging servers let you create and test web content without
making it live on your public-facing website. Only when content has been approved are web
pages and their associated files copied from the staging to the production web server. When
used with Contribute, a staging server adds an extra measure of security because you can
configure your staging server so that Contribute specific files (such as administrative folders,
rollback files, and interim drafts) are not copied to the publicly accessible website outside your
network firewall. For more information, see “Deploying Contribute to a staging server and a
live server” on page 12.
Depending on how your website is structured, use separate strategies to successfully set up
Contribute for multiple users and groups. Specifically, consider where to store the Contribute
shared settings file, how to prevent overlapping connection paths, and how you’ll send
connections to users.
Deploying Contribute for a single website with one webserver
In this example, Contribute is deployed to a simple intranet consisting of a single web server
hosting a departmental website. The website has a single, common root folder with subfolders for
individual departments. The site uses Dreamweaver templates and CSS styles to enforce the look
and feel of the website and SSIs to maintain page elements such as navigation menus, headers,
and footers.
The key to this arrangement is that all users have the same Contribute site connection. In other
words, a single connection point for all users controls the behavior of Contribute when editing
the website. To restrict users to editing content in their workgroup’s folder, you would need to
create a role that limits access to a specific folder.
An advantage to this type of Contribute deployment is that users in all departments can
collaborate by sending pages for review to one another. If separate connections had been created
for each department (as in the example “Deploying Contribute for multiple websites on one
webserver” on page 11), then only the users with access to that folder could receive and edit drafts
sent to them for review.
Common website configurations 9
It is important that the Templates folder, which is located at the same level as the Contribute
shared settings folder (_mm), is accessible by all users, and the site’s CSS (CSS folder), and server
side includes (SSI folder) are protected by role settings that restrict access to those folders. Web
pages and associated files stored in these folders cannot be edited using Contribute, preventing
them from being inadvertently modified or damaged. To restrict users to editing content in their
workgroup’s folder, create a role that limits access to a specific folder.
WEB SERVER HOSTING
INTERNAL SITES
Team Sites _mm(Shared settings) TemplatesSSICSS
Sales Manufacturing Marketing
Deploying Contribute for multiple websites on one webserver
This scenario has several departmental intranet sites, each of which needs access restricted to
members of the given department. To accomplish this, the administrator creates a separate
Contribute connection for each department’s folder in the website (to essentially create subsites).
In addition, each department has its own set of Dreamweaver templates on which to base new
pages.
When connecting users to their respective sites, the administrator creates and distributes a
connection key for each website connection.
In this scenario, three administrator connections are created. The site administrators create a
connection to their department’s section of the website (for example, /myIntranet/sales).
Additional roles can be created to define any restrictions for users in the site (for example, to
specific subfolders in the Sales folder or to set editing options).
10 Overview
Users can browse the entire site but are restricted to editing in their department’s folder. By
restricting user’s editing privileges to their department’s web pages, each group can maintain
control over their web content and can act more independently with the content they make
available to the entire organization. A potential drawback to this arrangement is that users in
different departments cannot collaborate on pages. Each department must work independently.
WEB SERVER HOSTING
INTERNAL SITES
Manufacturing MarketingSales
_mm_mm (Shared settings) _mm
TemplatesTemplates Templates
index.htmlindex.htmlindex.html
Deploying Contribute to a staging server and a live server
Many organizations use a staging web server with their production web server. A staging server
lets you create websites on a non-production web server, so you can generate and test content
without making it live on your organization’s public website. The use of a staging server also lets
you maintain an automatic backup copy of all your website content.
Common website configurations 11
In regard to Contribute, the use of a staging server lets you copy only folders and files that you
specify as necessary for your website. This enables you to use Contribute to update web content
on the staging server, but only publish the necessary web pages to your production web server for
public access.
By configuring Contribute to work with content on your staging server, you can provide an extra
measure of security by not copying Contribute’s administrative files and folders to your
production server. This also lets you eliminate the presence of unnecessary files from a server with
public access.
PRODUCTION SERVER
outside firewall
New and updated web content is
copied from the staging server
to the production server
Firewall
index.html
12 Overview
STAGING SERVER
inside firewall
_mm (Shared settings)
Contribute users create
and update content on
the staging server
To use Contribute with a staging server, you create a connection to the staging server’s website.
Users can update content on the staging server. Any temporary drafts that are created during the
review process, or drafts of files that are in the process of being updated, but not yet published to
the website, remain on the staging server, protected by your network’s firewall.
When using a staging server, configure the software you use to copy web pages and related files
from the staging to the production server to not copy the following folders and the files they
contain:
_mm contains Contribute administrative files and the messaging folders used to notify users
when they have a draft that requires their attention.
_baks archives rollback copies of files.
_notes contains design notes. These files record information about who last published a given
page, and other information
MMWIP contains drafts of pages that have been sent for review but have not yet been
published to the site.
Keeping these folders, and the files that Contribute stores inside them, off your production
website provides an additional level of security. Although every effort has been made to make
these folders and their files secure, the best security measure is to keep them on a server protected
by your network’s firewall. In addition, consider using access control lists (ACLs) to secure these
folders further by restricting access to network addresses in your organization’s network.
Deployment roles and responsibilities
After you understand how Contribute fits into your organization, it’s important to understand
the various roles involved in deploying Contribute.
As a system or website administrator, you play a large part in deploying Contribute. The
deployment responsibilities include the following tasks (for a complete list, see “Deployment tasks
checklist” on page 15):
• Installing the Contribute software.
• Creating connections to websites that users of Contribute can access.
• Defining roles (a collection of privileges that you assign to specific users).
• Installing Contribute on individual computers throughout your organization.
• (Optional) Integrating Contribute with Contribute Publishing Server (CPS).
The size of your organization and the job roles associated with your organization’s websites
determine who assumes responsibility for deployment. A single system administrator may be
responsible for all deployment, or other members of the organization’s web team or IT staff may
be involved.
If you are a system administrator, this might be your first time to work with web pages and web
content. Your role as a system administrator may intersect with the role of web designer.
Deployment roles and responsibilities 13
The following table describes the function of each role that relates to Contribute:
Role Function
Contribute administrator Responsible for installing Contribute, setting up user roles and privileges,
and determining the degree to which users can access and update
websites.
Contribute administrators are often members of an organization’s IT staff,
responsible for maintaining server and network infrastructure, managing
user and file permissions across an organization’s network.
System administrator Maintains web servers and web server access. This role often overlaps
with that of the Contribute administrator and may be handled by the same
person in smaller organizations.
Web designer Designs websites, determining their look and feel, and creates and
maintains the site’s content.
Web developer Develops web-based applications, such as for absence reporting and
financial reporting, distributed to users over the web.
Contribute user Contribute users range widely in their job tasks and computer experience.
What they have is common is the need to update web page content
quickly and easily. Using Contribute, they can easily connect to a website
and safely update its content without inadvertently introducing
malfunctions.
These roles vary from organization to organization. In smaller organizations and workgroups, a
single person may handle the job of administering Contribute and determining the design of the
website. Larger workgroups and departments may have a team of people involved in maintaining
their website.
Deployment tasks checklist
The following table describes the tasks you need to perform to successfully deploy Contribute.
Task Description
Configure network and
server permissions
Plan your site structure
and connection path
Install Contribute and
create an administrative
website connection
14 Overview
Ensure that the network and server permissions allow read, write, and
modify access so that Contribute users can connect to the site and
update pages.
For more information, see “Preparing your web server before you deploy”
on page 17.
Plan your site structure, including considerations for subsites or multiple
connections, and determine your connection path.
For more information, see “Planning your Contribute site structure and
connection path” on page 22.
Install Contribute on the computer from which you’ll administer the site,
create a connection to the website by using Contribute, and establish
yourself as the Contribute administrator for the site.
To learn more about creating an administrative connection, see “Installing
Contribute and creating an administrative connection” on page 30.
Task Description
Install Contribute
Publishing Server (CPS)
(optional)
Configure Contribute
settings and roles
Configure CPS user
directory service
(optional)
Configure the Log and
E-mail services
(optional)
Enable your website to
work with CPS (optional)
Add users to the website In Contribute, add users to the website.
Deploy Contribute to
your user base
CPS is a suite of Java server applications that lets you integrate
Contribute with Lightweight Directory Access Protocol (LDAP) or Active
Directory services, and implement e-mail notifications to keep Contribute
users informed about the status of their drafts in progress.
To use CPS, you must install and configure the server on a Java
application server.
For more information, see “Installing Contribute Publishing Server
(Optional)” on page 32
Configure the administrative settings so that Contribute works more
efficiently with your website and create Contribute roles based on the
privileges and restrictions you want to place on a user’s ability to access
and edit pages in the site.
For more information, see “Configuring Contribute” on page 41.
If you use CPS, configure the User Directory service: you must specify the
user directory type, and either configure CPS to access your LDAP or
Active Directory server, or enter user information into a file-based
database. You can also configure other CPS services now, or you can do
it later.
For more information, see “Configuring Contribute Publishing Server
(CPS only)” on page 48.
Configure the log file and e-mail settings that CPS should use. You can
configure these CPS services now, or you can do it later.
For more information, see “Configuring Contribute Publishing Server
(CPS only)” on page 48.
If you use CPS, you must enable your website to work with the server.
For more information, see “Enabling Contribute websites to work with
CPS (CPS only)” on page 55.
For more information, see “Adding users to your website (CPS only)”
on page 57.
Deploy Contribute to your users, and send them website connection
information so they can access the website.
To learn more about distributing website connections, see “Deploying
Contribute and website connections” on page 59.
In addition to the basic tasks described in the preceding table, you can further enhance your
website by designing it to be more easily maintainable or by adding additional functionality by
using CPS.
Deployment tasks checklist 15
16 Overview
CHAPTER 2
Preparing Your Network and Installing Contribute
After you have given some consideration to what is involved in deploying Adobe® Contribute™
and Contribute Publishing Server (CPS), you are ready to begin. First you need to prepare your
network, then you can install the software.
This chapter contains the following sections:
• “Preparing your web server before you deploy” on page 17
• “Planning your Contribute site structure and connection path” on page 22
• “Installing Contribute and creating an administrative connection” on page 30
• “Installing Contribute Publishing Server (Optional)” on page 32
Preparing your web server before you deploy
Before you actually install Contribute and roll it out, consider how Contribute will affect your
network and prepare for it by setting permissions, access, and securing special files and folders on
your web server.
This section covers the following topics:
• “Understanding network and server permissions” on page 18
• “Understanding server access for connecting to CPS-managed websites” on page 18
• “Restricting access to administrative folders and special file types” on page 19
• “Special files created by the draft review process” on page 20
17
Understanding network and server permissions
Contribute is unique in that it allows editing of web pages directly on the server hosting your
website. This level of server access makes network permissions and access control especially
important.
There are at least three levels of permissions for every Contribute site:
• Permissions defined by the network operating system (for instance, Windows or UNIX® server
software)
• Permissions defined by the web server software
• Roles you define in Contribute
Network permissions can be set in several ways through a variety of systems. Contribute always
adheres to the network permissions for read and write access to folders. It also obeys permissions
set through LDAP and similar systems. Contribute can never overwrite any server- or networklevel permissions.
Note: The server’s network and operating system permissions, and the web server software’s
permissions, always take precedence over Contribute permissions.
Whenever you provide access to a web server, take precautions to ensure that the operating system
of the server hosting the site, as well as the web server software itself (and the FTP server, if you
are using FTP), are secure. For the best practices related to securing your website from accidental
and malicious tampering, see the documentation provided with your server’s operating system,
FTP, and web server software.
Note: You can set folder permissions to allow a user or group of users to modify a folder and later
define more restrictive folder- or file-editing options when you define the Contribute user roles.
Understanding server access for connecting to CPS-managed websites
As an administrator, you should require that users enter their own account username and
password to log in when they use FTP, SFTP, or WebDAV to connect to a website managed by
CPS. This is a best practice and the default option. The alternative is to use a shared FTP, SFTP,
or WebDAV account for a website connection managed by CPS.
Requiring users to log in with their own account username and password provides an extra layer
of security. When you share a website connection that uses a shared account, the username and
password for the shared account are stored on the machine where CPS is installed. The password
is stored as a hash of the password in a non-browsable folder, and you can restrict access to this
folder. However, the password could be at risk if it is not a strong password. Therefore, it is
recommended that you not use shared account information for any CPS website connection, but
that you require users to log in with their own account information.
If you require users to log in with their own account information, CPS prompts them for a
username and password. You can improve the user experience by creating FTP, SFTP, or
WedDAV accounts tied to your user directory service so that users do not have to know or
remember another password. If the CPS login is also tied to your user directory service, CPS can
automatically reuse the user’s CPS login information to open the connection and does not
prompt for a second password for connection information. The user also can have Contribute
remember the account username and password for future use.
18 Preparing Your Network and Installing Contribute
As an administrator for a website managed by CPS, you can view or modify FTP, SFTP, and
WebDAV settings by editing the connection.
For more information about editing website connections, see in Contribute Help.
Restricting access to administrative folders and special file types
When you create a site connection, Contribute creates special files that are stored in folders whose
names begin with an underscore (such as _mm, _baks, and _notes). These folders may contain
files with user names, e-mail addresses, previous versions of web pages, and other types of meta
information used by Contribute. The underscore allows Macromedia Dreamweaver from Adobe
and Contribute to distinguish between those folders and the other folders in your site.
Contribute and Dreamweaver use this naming convention to filter these special files and prevent
them from appearing in the Dreamweaver Site panel and in the Contribute Remote File Browser.
These hidden folders can’t be browsed, overwritten, or inadvertently altered by users.
Additionally, some search engines and automated programs are designed not to return pages
found in folders whose names begin with an underscore.
To ensure that these folders and files remain protected, review the configuration of your web
server software and make certain that you block HTTP access to folders whose names begin with
an underscore (_mm, _baks, and _notes), the MMWIP folder, and files identified by the file
extensions .lck, .mno, .bak, .lbi, .csi, and .dwt.
In particular, you might want to block HTTP access to the MMWIP folder. The MMWIP folder
contains interim drafts of files (works in progress) that you might want to protect. Adobe
recommends that you restrict access to the MMWIP folder so that only members of your
organization can browse files in that folder.
Note: In addition to using the computer’s operating system and web server software configuration
settings, you might consider using a third-party URL scanner to block HTTP access to secure these
files and folders.
Apache web servers
If your website uses Apache, you can explicitly disable browsing folders and files that begin with
an underscore. If you know how to modify the Apache web server’s httpd.conf file and have
permission to do so, you can use the DirectoryMatch directive to prevent visitors from viewing
any file in a folder beginning with an underscore.
If you’re not sure how to edit the Apache httpd.conf file or don’t have permission to do so, ask
your system administrator or Internet service provider (ISP) to do it for you. To learn more about
limiting access to files and folders, and other security issues relevant to the Apache web server, see
the documentation supplied with your Apache distribution.
Preparing your web server before you deploy 19
Microsoft IIS web servers
To prevent unauthorized users from accessing Contribute administrative folders under Microsoft
IIS, use access control lists (ACLs) to prevent read access by unauthenticated users of the
operating system as well as by clients connecting to IIS. When you use ACLs to restrict access,
only properly authenticated users can view the contents of the Contribute administrative folder.
Anonymous web clients, or other users with access to the server, cannot view the administrative
folder and its contents.
Note: When setting permissions for Contribute administrative folders, ensure that Contribute has
read/write access to the administrative folders and the files they contain. Contribute uses the settings
in these files to enforce role settings of users connecting to the site.
In addition to securing the administrative folders using the operating system’s permissions and
access control lists, consider using UrlScan to further secure IIS web servers. UrlScan is a security
tool provided by Microsoft that screens incoming requests to the server by filtering the requests
based on rules that you create. Filtering requests helps secure the server by ensuring that only valid
requests are processed.
To learn more about the UrlScan utility, see the Microsoft website at www.microsoft.com.
Other web servers
If you are using another vendor’s web server, refer to the documentation supplied with your web
server software to learn how to prevent users from accessing specific folders and files.
Special files created by the draft review process
The draft review process enables you to send drafts to users for final approval before publishing
pages to your site. When you enable the draft review process, Contribute creates a series of folders
and files used in tracking pages as they make their way through the collaborative approval
workflow. Although there are no site maintenance or planning tasks involved in enabling
approvals for your website, be aware of the additional files and folders that Contribute creates to
manage the workflow.
20 Preparing Your Network and Installing Contribute
The following figure shows an example of a file sent for review, and the files and folders that are
created when you send a user of your website a page for review.
_mm
ct3
messaging
MMWIP
WIPMetaData
wipMeta.mje1d0lzk4vxc.fre
wipMeta.mje1d0lzk4vxc.csi.chk
wipMetamje1d0lzk4vxc.csi
index.html
index.html
users
users
jlydon@acme.com
index.html
notifyWIP.jr615v2v4p.csi
_notes
3629c837.htm.mno
Preparing your web server before you deploy 21
Loading...