From what I understand (not using the web server much right now), the server uses HTTP authentication to control access to the server… so theoretically at least you could have file-level granularity. Improvements to the web engine are (IMHO) going to be required when people start clamoring for things like upload and edit support… which already exist to some degree.
But in reality, I think it’s going to be a lot of work. I’m not affiliated and can’t speak for DEVONtechnologies’ priorities, of course, but it implies a lot of coding and interface work just to manage the groups and users, much less the actual security work itself.
Thank you for the reply, will you also implement HTTPS?
I like the web server feature and find it very useful; however, as it is Internet-facing (my usage), I’m a bit concerned about its inherent security - i.e. man-in-the-middle attacks, sniffing et al. that could compromise the security/integrity of the hosted content.
Will you go through the trouble of purchasing a real SSL certificate? There are numerous discussions regarding the security of web transactions with self-signed certificates. None of this is trivial to implement nor to use properly, so we’re looking into the options, but if you want to be “completely” secure now, use tunneling through ssh or a VPN.