Is Data safe on my server

Hi All,
If I put files into the ‘Documents’ folder i.e. ‘SpecialFolder.Documents’ - how safe are they there ?

I see that if I try to navigate to that folder via my browser address bar it tells me I have no access. This is great but then I’m
no hacker, and I imagine others would know how to get around such things to get access to other files sitting on the server.

Do the cloud security features lock all access to anything but the top level of the server folder without knowing the ftp
username and password details ? I read on the Xojo website that the cloud is very secure but what exactly does this include ?
I’ve heard of apps that can bypass the index.html file and view the entire directory and potentially download files.

I’d like to include some files on the server to be used in an app but am worried about the possibility of someone/anyone gaining
access to them as they would be easily read. An SQLite datafile for example can be opened and read with a text editor.


Documents is technically available from the outside world through HTTP.

I would create a folder for your app in the Shared Documents folder. In there, the files will be totally unaccessible to the outside world.

Thanks Jason.

You’re welcome Barney.

Jason, I’ve since done this and it is working well. I have three apps running on my server, all with databases. I wonder now if I repeat the process for each of these and generally adopt the habit of putting all database files for Apps in this Shared_Documents folder. I can think of advantages to this such as in the instance where I might have to tear down and reinstall an app from scratch. Additionally it just means all database files are in one place, they are protected from hackers… etc etc Can you think of any reason not to do this ? Thanks.

As Jason said, you should create a folder within the Shared Documents folder for each of your apps so they can keep stuff separated. If you put a file in there came containing the build date of your app (app.executablefile.modificationdate.sqldatetime), you could check that on launch to determine if anything needs to be deleted when a new version is built.

Keep in mind that you also have access to Shared Documents via SFTP. so if you need to delete anything, you can do it that way as well.