From SeedCode Documentation

SCSubscribe2: Security

Security in SeedCode_Subscribe_Setup.fmp12

If you choose to host the SeedCode_Subscribe_Setup.fmp12 file on a server (which is required if you're publishing any calendars using the private link option), we advise that you restrict access to the file by adding a password to the Admin account at the minimum.

The Private Link uses the "Guest" account in SeedCode_Subscribe_Setup.fmp12, so that must remain enabled. The Guest account uses a privilege set called "XML Only", which is set up to only allow access via XML (not FileMaker or PHP). The "XML Only" privilege set has limited access to tables and layouts, primarily gathering its data from the "CalendarXML" layout.

Security in Your Files

Since the calendars published from your files are read only, there is no need for users to log into them with accounts that allow records to be edited. This is especially true if you're using private URLs like you would with Google.

We recommend that you create simple, read-only accounts for users to employ when subscribing to calendars. Just a few things to keep in mind about these accounts and the privileges sets they are tied to:

Don't use blank passwords as most calendar apps require both a username and password.
The privilege set used for the calendar must have be able to view any of the event records--and any related records--referenced on the layout you specified in "Server Settings". It also needs to be able to see that layout.
The account's privilege set must also have "Access via XML web publishing..." enabled under extended privileges.
Retrieved from https://seedcode.com/pmwiki/index.php?n=SCSubscribe2.Security
Page last modified on January 03, 2014, at 12:34 AM