Jump to content

Exact find problem: any ideas? please!


This topic is 6708 days old. Please don't post here. Open a new topic instead.

Recommended Posts

  • Newbies

A while back I set up (what was meant to be...) a small protected area for our customers. Access to the site was by performing a simple "find" on the unique username and password contained in each customer record.

The site has grown quite big (400 customers) and only now do I realise that the "find" will work on EITHER password or username (and worse still on any part of either). I tested it when I first set it up and I was sure it was secure (obviously I was very wrong!)

I have added the html <INPUT TYPE="hidden" NAME="-op" VALUE="eq"> to the form, but the find continues to work as VALUE="cn".

As you can imagine - I need to find a solution very fast or take this section offline now. Can anyone tell me how to ensure that the Web Companion performs an exact find?

Link to post
Share on other sites

Another simple way, but less error prone, is to rely on relations instead of a Find sequence. As you've discovered, using a Find function for this does not work well. Relations are based on exact matches, and are well-suited for this.

Create a small table of users, with a password field.

Then in the entry point, have a relation that utilizes the user's name, and their password, using a compound key. When they fill in their name, and then their password (using two fields), the concatenation of those two fields will either produce a relationship to their existing User file, or not. Create an Enter script (with a button) that checks to see if the relationship exists (IF COUNT = 1), and if so, allows them in.

Having a User Table also allows you to assign each user their own password, plus makes it easier to add or delete users to and from the system as time goes on. It's also handy for many other things in a multi-user system, but that's another post. smile.gif

HTH

Link to post
Share on other sites
  • Newbies

Many thanks for this,

I suspected that I may have gone about my customer database a little bit simplistically!

There are actually three entry validation fields in the database, one for username, one for password the other, a concatenated field that I am currently doing the "find" on.

I thought I could do more-or-less what you have suggested on the concatenated field, but you are hinting that a relationship would achieve the "exact" match that a simple "find" can't do properly?

I'll have a try at the relations approach.

Thanks again ooo.gif

Link to post
Share on other sites

This topic is 6708 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.