Jump to content
Sign in to follow this  
andieroid

Exact find problem: any ideas? please!

Recommended Posts

A while back I set up (what was meant to be...) a small protected area for our customers. Access to the site was by performing a simple "find" on the unique username and password contained in each customer record.

The site has grown quite big (400 customers) and only now do I realise that the "find" will work on EITHER password or username (and worse still on any part of either). I tested it when I first set it up and I was sure it was secure (obviously I was very wrong!)

I have added the html <INPUT TYPE="hidden" NAME="-op" VALUE="eq"> to the form, but the find continues to work as VALUE="cn".

As you can imagine - I need to find a solution very fast or take this section offline now. Can anyone tell me how to ensure that the Web Companion performs an exact find?

Share this post


Link to post
Share on other sites

Another simple way, but less error prone, is to rely on relations instead of a Find sequence. As you've discovered, using a Find function for this does not work well. Relations are based on exact matches, and are well-suited for this.

Create a small table of users, with a password field.

Then in the entry point, have a relation that utilizes the user's name, and their password, using a compound key. When they fill in their name, and then their password (using two fields), the concatenation of those two fields will either produce a relationship to their existing User file, or not. Create an Enter script (with a button) that checks to see if the relationship exists (IF COUNT = 1), and if so, allows them in.

Having a User Table also allows you to assign each user their own password, plus makes it easier to add or delete users to and from the system as time goes on. It's also handy for many other things in a multi-user system, but that's another post. smile.gif

HTH

Share this post


Link to post
Share on other sites

Many thanks for this,

I suspected that I may have gone about my customer database a little bit simplistically!

There are actually three entry validation fields in the database, one for username, one for password the other, a concatenated field that I am currently doing the "find" on.

I thought I could do more-or-less what you have suggested on the concatenated field, but you are hinting that a relationship would achieve the "exact" match that a simple "find" can't do properly?

I'll have a try at the relations approach.

Thanks again ooo.gif

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.