11.6. File Security

Files in IntegraXor can be requested from a web browser using a web request. The frontend uses similar requests to switch between screens. Most files in the project folder can be requested but, by default, the user would have to be logged in first to access the files.

For tighter control, a file can be assigned security roles so that only users holding those roles can access it. Roles can also be set on a folder, which protects all files and folders within that folder.

 Configuration

Three "built-in" rows appear at the top of the list. The first two are system files (not physically in the Project Folder, but they can be requested when the server is running), and the third is the USER directory, which is the Project Folder root path. The roles for these are empty by default.

Security File Policy

When the security roles column is left empty for these three settings, those system files and all files and folders within the project folder can only be requested when a user is logged in. Any logged-in user qualifies, even one without security roles. Files that have already been set in the screen configuration follow those security settings instead of the USER (project folder) setting. Filling in the security roles column restricts the aforementioned files so that they are only accessible by logged-in users with those roles set.

Note

Files and folders that are already set in the screen menu configuration follow the security roles set there and ignore any settings set here.


A new row can be added at the bottom with a custom path to a file or a folder. The path can be typed into the first column, but choosing "Browse.." or "Browse for folder..." from the dropdown opens a dialog box that makes this easier.

Note

The paths to files or folders are relative to the Project Folder and cannot be set to a path that is not within it.


Folders

For folders, the default path ends with "*.*", which means the setting applies to any filename with any extension within the folder path. This can be changed to "*.txt", for example, to set the roles only for the ".txt" files within the folder. In the example

Roles

If no roles are set for these newly created rows, those files and folders become public: guests (users who are not logged in) may access these files if requested. Setting roles allows only users that are logged in with the required roles to access the files.

 

Example 11.1. Specific files would take precedence over folder

If the row for a specific file path has no role setting (guest/public) but the folder it resides in has an "admin" role set, then the file would still be accessible as a guest.

 

Example 11.2. Folders with specific extensions take precedence over folders without

If there is a setting for a folder that has an extension filter such as "*.txt" and another setting with the same folder path but without an extension filter "*.*", then any ".txt" file in that folder would follow the first setting but everything else in the folder would use the other setting.

Tip

The security role setting whose path is closest to the actual file is the one used to secure that file.


Warning

Setting security roles on some files may prevent the frontend from accessing files it requires and break functionality.


 Special Folders

A few folders within the project folder behave differently from what is described above. These folders are by DEFAULT PUBLIC and accessible through the frontend get file request. The reason is that these folders have little to do with how the server runs, with the exception of the scripts folder, whose handling is described later. These folders are:

  • themes\

  • styles\

  • images\

  • scripts\

Note

Security roles will still work on these folders and specific files within these folders if needed.


The scripts folder is where backend scripts are stored, and the contents of those scripts should not be readable from the frontend. Any script file that is enabled as a server script automatically has restricted access, which can only be lifted if the file is specifically inserted into the security file policy list.
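
The precedence rules from Examples 11.1 and 11.2 and the special-folder defaults above can be modelled in a few lines to audit which files a policy list leaves open to guests. This is an added illustration, not IntegraXor code: the rows and script names are constructed, folder rows are taken to cover subfolders, folder depth is assumed to rank before filter specificity, "restricted" is modelled as denied, and screen menu configuration overrides are left out.

```python
import fnmatch
from pathlib import PureWindowsPath

# Constructed sample rows (path relative to Project Folder, roles); empty roles = public.
POLICY = [
    ("reports\\*.*", {"admin"}),
    ("reports\\*.txt", {"operator"}),
    ("reports\\readme.txt", set()),
    ("scripts\\poll.js", {"engineer"}),
]
USER_ROLES = set()  # built-in USER row; empty means any logged-in user
SPECIAL_FOLDERS = {"themes", "styles", "images", "scripts"}  # public by default
SERVER_SCRIPTS = {"scripts\\poll.js", "scripts\\calc.js"}  # constructed names

def _split(path):
    parts = PureWindowsPath(path.lower()).parts
    return parts[:-1], parts[-1]

def _describe(roles, empty_means):
    return "roles: " + ",".join(sorted(roles)) if roles else empty_means

def resolve(path, policy=POLICY):
    """Return the access level the documented rules give a requested file."""
    folder, name = _split(path)
    best = None  # ((folder depth, specificity), roles)
    for pattern, roles in policy:
        pfolder, pname = _split(pattern)
        if folder[:len(pfolder)] != pfolder:
            continue  # row is for a different folder tree
        if "*" not in pname:  # row names one specific file
            if (pfolder, pname) != (folder, name):
                continue
            key = (len(pfolder), 2)
        elif pname == "*.*":  # whole folder, any file name
            key = (len(pfolder), 0)
        elif fnmatch.fnmatchcase(name, pname):  # folder with extension filter
            key = (len(pfolder), 1)
        else:
            continue
        # Assumption: folder depth is compared before filter specificity.
        if best is None or key > best[0]:
            best = (key, roles)
    if path.lower() in SERVER_SCRIPTS and (best is None or best[0][1] != 2):
        return "denied"  # server scripts open up only via their own file row
    if best is not None:
        return _describe(best[1], "public")
    if folder and folder[0] in SPECIAL_FOLDERS:
        return "public"
    return _describe(USER_ROLES, "any logged-in user")
```

Running `resolve` over every file in a project and listing the ones that come back as "public" gives a quick review list for rows that were added without roles.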