dant

Two problems: open/close and securing web portal


Here is the situation:

- FM Pro 5 Server is hosting a database (we'll call it "database.fp5") that is being used for an online/internet survey.

- The survey is posted online via HTML pages which are using forms and CDML to add/update records in the database.

- The database is also made visible in "Instant Web Portal" (this is so that the admins can remotely view the database).

- I have TWO problems that have arisen from this project.

PROBLEM 1:

I placed the database and the HTML files inside a project-specific folder within FileMaker Pro's "Web" folder. So, for example, the DB and files were placed within "/FMPro/Web/survey". The problem with this setup occurred when I attempted to remotely open and close the database using the following commands in the browser location/address field:

http://111.111.111.111/FMRes/FMPro?-DB=survey/database.fp5&-Format=dbclose.htm&-dbclose

http://111.111.111.111/FMRes/FMPro?-DB=survey/database.fp5&-Format=dbopen.htm&-dbopen

I was able to initially OPEN the database, but when I attempted to close the database I received a message stating that the database was not open (huh?). I also attempted to delete and overwrite the database using FTP, but I received a message stating that a process was running and so the deletion/revision could not be made (makes sense since the database was open and running).

In order to make it so that I could open and close the database I ended up having to move the database.fp5 file out of the "survey" folder and bring it up into the "Web" folder. Once I did this I was able to edit my remote commands ("-DB=survey/database.fp5" changed to "-DB=database.fp5"), and open and close the database with no further problems.

Although this solved my immediate problem, I'd really prefer to be able to do the opening and closing of the database with the database file (or files in the case of a relational database) located inside of a job-specific folder (the way I originally had things set up). Can anyone suggest a way to accomplish this?

PROBLEM 2:

I realized that there was a major security risk posed by having the database visible in Instant Web Portal. However, I needed to allow several admin types to be able to view the database remotely while the survey was running. I attempted to look for ways to password protect the Instant Web Portal, but I could not come up with a way within FileMaker to BOTH secure the IWP AND to allow visitors to the web site to take the survey without having to input a password.

I thought about trying to apply some sort of Perl "password" script to control access to the IWP page itself, but I was unable to get the system admins to follow through on this and in the end I just shut down the portal and (once a week) downloaded a copy of the database to check the survey's progress. Is there a simple way around this problem, or is the way that I set this project up fundamentally in need of overhaul?

Any advice with either or both of these problems would be greatly appreciated. I'm hoping to learn a little something here, so that my next survey will run more efficiently and be more secure. Thanks in advance.


To manage web user access, use the Web Security databases and configure Web Companion to use Web Security for access control. Always have a password built into the database using FMP's Access Privileges.

Regarding location of the files themselves, be aware that ANY files located in the web folder can be downloaded through web browsers simply by specifying the URL and file name. DO NOT put your databases in the web folder.

Read FileMaker's white paper on web security:

http://www.filemaker.com/downloads/index.html
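
An added example, not part of the reply above and not FileMaker's own tooling: a Python audit for the point about the web folder, listing every database file under it with the URL at which it would be downloadable. It assumes the Web folder is served at the site root; the host `192.0.2.10`, the sample file names and the function names are constructed for illustration.

```python
import tempfile
from pathlib import Path
from urllib.parse import quote

# Extension used on this page; extend the set for other database formats.
DB_SUFFIXES = {".fp5"}


def find_exposed_databases(web_root, base_url, suffixes=DB_SUFFIXES):
    """Return sorted (relative_path, url) pairs for database files under web_root."""
    root = Path(web_root)
    wanted = {s.lower() for s in suffixes}
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        # Check every suffix, case-insensitively, so "DATABASE.FP5" and
        # backup copies such as "database.fp5.bak" are reported too.
        if wanted & {s.lower() for s in path.suffixes}:
            rel = path.relative_to(root).as_posix()
            # Assumption: the web folder maps to the site root, so the
            # relative path is also the URL path (percent-encoded).
            findings.append((rel, base_url.rstrip("/") + "/" + quote(rel)))
    return sorted(findings)


def demo():
    """Build a constructed Web folder in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        web = Path(tmp) / "Web"
        (web / "survey").mkdir(parents=True)
        for name in ("survey/index.htm", "survey/database.fp5",
                     "survey/Old Copy.FP5", "database.fp5.bak"):
            (web / name).write_bytes(b"")
        return find_exposed_databases(web, "http://192.0.2.10/")


if __name__ == "__main__":
    for rel, url in demo():
        print(f"EXPOSED {rel} -> {url}")
```

Any line it prints is a file to move out of the web folder; an empty result means no database file is sitting in a browsable location.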
