Skip to main content

 

Documentation & User Guides | FotoWare

Finding and/or changing the encryption secret

In the process of securing the server from unauthorized access, FotoWeb also encrypts vital information that is sent to clients. To this end, FotoWeb uses an encryption secret that should be unique and ensures that different sites cannot decrypt each others' data. This key is randomly generated upon installation and is different each time you install FotoWeb.

 

Where can the encryption secret be found?

  • Open the Operations Center and go to the FotoWeb tab
  • Click on the Configuration button and choose Open.
  • Then click on the Service Options tab in the window that opens and select the Advanced tab, where the Encryption Secret can be found. It can then be copied to the clipboard and stored somewhere for safekeeping.

What are the consequences of changing the encryption secret?

NOTE: Changing the encryption secret will require you to restart the FotoWeb services.

All existing preview cache links become invalid after changing the encryption secret. While this is normally not an issue, it means that intentional embedding of preview links on external sites will break.

When migrating a site to a new server, it's important to keep the encryption secret to make sure any external asset links are retained when the new server is put in production. Otherwise, the stored URLs with encrypted data will no longer be recognized by FotoWeb.

Tip! If you change the encryption secret regularly, you make it much more difficult for hackers to attack your system. However, this will also break any bookmarks to previews or thumbnails your users may have saved.