Portals
Visibility: private vs password
When to use private login vs password-gated portals, and the security baseline.
Concept page — when to use each visibility mode, plus the security baseline. Portal visibility controls who can reach your content and how they authenticate. boveDAM offers three visibility tiers: private (login required), password-gated, and public.
Private (login required)
Private portals require the client to have a boveDAM account and be an explicit member of the portal. This is the most secure option and is appropriate for NDAs, unreleased brand work, or ongoing retainer clients who have a persistent relationship with your workspace.
When a visitor arrives at a private portal URL without being logged in, they are shown a login screen. If they are logged in but not a member of that portal, they see a 403 page.
Password-gated
Password-gated portals are accessible to anyone who knows the URL and the password. boveDAM generates a bcrypt-hashed password token — the plaintext password is never stored. You share the password out-of-band (email, phone, message thread).
This mode is appropriate for: one-off client deliveries, pitch decks, or any situation where creating a boveDAM account for the recipient is impractical.
Public
Public portals have no authentication. Anyone with the URL can view and download (if download is enabled). Use public portals for press kits, open brand guidelines, or portfolio showcases.
Security baseline
Regardless of visibility mode, all asset files are served via signed URLs with a 5-minute TTL. Even if a client copies a direct file URL, it expires quickly. See Signed URLs and security for details.