Security Options

This is not intended to be an exhaustive list, but rather a general guide for selecting the security option that best fits your needs.

1. PennKey-protection

Description: Anyone with a valid PennKey/password combo can view these files.
Advantages: Easy to implement; generally works well for most documents which don't require special security; search engines will not be able to find these files for indexing.
Disadvantages: Pages are viewable by anyone with a PennKey. This includes guest accounts and those with other loose affiliations with Penn.
Implementation: Instructions for MODX-managed sites can be found in our general instructions, Chapter 9.  

2. Access restricted to a subset of PennKeys only

Description: Requires PennKey/password combo, but only a certain subset of PennKeys is allowed to view these files.
Advantages: Security is more selective, and is based on PennKey; search engines will not be able to find these files for indexing.
Disadvantages: All users must have PennKeys; list of PennKeys must be maintained manually; maintenance may be too unwieldy for large groups.
Implementation: Contact PMACS.

3. Single username/password combo (not PennKey)

Description: Requires a single username and password for access; not associated with PennKey.
Advantages: Enables those without PennKeys to access these files; may be a better option for unwieldy groups of users; search engines will not be able to find these files for indexing.
Disadvantages: Not very secure since users may give that username/password combo out to others (more likely than with PennKey); may require regular maintenance: periodic password changes, which must be communicated to the group, ongoing support for those who have forgotten the password, etc.
Implementation: Contact PMACS.

4. Penn+Box

Files can be shared in the cloud using Penn+Box, which is provided by The University of Pennsylvania. With this service, individuals with active full- or part-time faculty, student, and staff affiliations can manage files and folders and control who has access to view or edit from within or outside of Penn. For more information or to get started with Penn+Box, see the Penn Computing Website.

5. UPHS Intranet

Patient-sensitive data should be stored on the hospital's intranet server, which is protected by the hospital firewall. Contact the UPHS Web Applications Group for more details.

6. "Security by obscurity"

Description: "Security" is achieved by not linking to the page from any other page on the web; instead the URL is provided only by word-of-mouth.
Advantages: Easy to implement; easy for users to see; requires no login.
Disadvantages: These files are not really secure; someone could send this URL to others, submit it for indexing, or link to this page without your knowledge; if this happens, search engines will be able to find these files for indexing.