Handbook_131
 
A FirstClass Guest Account is needed if you want to allow anonymous visitors to use forms on your FirstMagic websites. All sites can share one Guest Account between them, and the editor of each site can then insert the Guest Account Credentials on Tab 4 in FirstMagic Preferences.

Configuring the Guest Account incorrectly will be a security risk to your FirstClass Server.

If you are unsure of the security issues involved, contact your FirstMagic or FirstClass reseller before activating a Guest Account.


Understanding what the Guest Account does

FirstClass does not allow unauthenticated visitors to perform file operations, so forms for anonymous web visitors to fill in do not work on a FirstClass website. FirstMagic makes this possible by having all such requests go through a Guest Account.

• If the visitor fills in a form, the request goes through the Guest Mailbox.
• If the visitor posts a comment, the request creates a FirstClass Document in the Comments Container.

In both cases, the Guest Account logs in to FirstClass in the background to perform the file operation. This is invisible to the visitor - visitors are not moving away from the form or page they are on, the URL does not change, and it happens instantly.

If you do not use FirstMagic forms or the built-in commenting system, you do not need a Guest Account. If you only want people with FirstClass Accounts to use these functions, you do not need it either - they will simply get a login prompt and can use their intranet credentials.

The Facebook Commenting System does not use the Guest Account - it uses the visitor's Facebook Account.

Configuring the Guest Account

Create a regular FirstClass User, and give it the following permissions:

        • Send messages
        • Send to Conference
        • Share Documents
        • Download
        • Access via Web Browser

Disallow everything else. In particular, make sure it is not allowed to log in with the FC Client, and give it as short a session as possible and as small a hard disk allocation as possible. Make sure it is not allowed to modify Mailbox preferences, and do not give it access to any intranet objects.

Watch session and hard disk allocation usage for a while; these settings may have to be adjusted depending on traffic load.

Securing the Guest Account

In the FirstMagic installer download, there is a folder named "Extras". Locate the "Guest Account Kill Switch" folder there, and upload the Index.html document inside to both:

        • The Guest Desktop
        • The Guest Mailbox

... And protect the uploaded file. Do not rename it. This will make it difficult (not impossible) for visitors to access the Guest Mailbox.

        • Delete everything on the Guest Desktop except for the Mailbox, Trash Can and Index.html
        • Hide the Mailbox, Trash Can and Index.html

This will leave you with a completely empty desktop that is impossible to access via FirstClass and that automatically logs out anybody who tries to log in with a web browser.

Monitoring the Guest Mailbox

Sent forms will store copies of themselves in the Guest Mailbox, as well as sending confirmation copies to the original sender. This means the sender can see the Guest Account's email address, so the Guest Mailbox should be emptied as frequently as possible. Any incoming mail should be redirected to a container you can monitor.

• The Guest Account e-mail address should ideally be: noreply@yourdomain.xx
• Configure the Guest Mailbox to move incoming messages immediately
• Delete outgoing messages as soon as they are posted

You can use a FirstClass Mailbox Rule to accomplish this.