the best security method

[david s]

Hello to everyone,

i'd like to know what is the best security methot to:

1.protect dbs over web

2. manage password to let the web audience edit,clear,create records

My purpose is then to assembly the best method and publish here for future visitors bacause all the forums are full of security issues and notices and i really don't understand what is the best method.

Could everyone partecipate with me to this goal?

[david s]

I'd like to resolve one by one problem before going to custom publishing.

(i speaks about SERVER WEB: IIS5 + WSC + FMUNLIMITED 5)

1. NOT TO LET THE VISITOR DOWNLOAD FM DBS

- All the files are in the web folder of FMP

- The IIS privilegies for each db file are only for Admin (everyone has no privilegies): in this case nobody can see FM dbs.

- The IIS privilegies for the general folder in wich i put DBS+WEB PAGES are for everyone read,execute.

Please post here your info and corrections.

[Keith M. Davie]

[Anatoli]

Read the thread Keith suggested, and then again and again and again -- until you understand every single problem.

Windows standard security is not applicable here or should be applied as standard measure PLUS all the FM security you can get for FM.

We have developed special Security Filter for Windows -- FM combination.

[david s]

Ok i knew this.

The fact is that filemaker web publishing is completely unsecure.

My aim is, as explained before, to compile an unique article for all publisher (if it doesn't exist on this forum) that intend to publish with custom web publishing.

So i'll continue with this:

PUBLISHING PROBLEMS

Even if you can restrict access privilegies on each database file with windows privilegies you must remeber these considerations:

- All the data in your database are accessible (format,script,ecc..), so a user can do what you dbs are created to do (edit,delete,find,view,run script) and look to all the fields.

So i'm asking again: what is the most secure method to publish dbs? LASSO?

[Garry Claridge]

You can secure your databases with the "Web Security" database.

All the best.

Garry

[david s]

SECURE DBS: WEB SECURITY DB

Ok let's talk about it.

In the web security db you assign to each user the privilegies to: db,layout,fields.

Imagine a db where each record has progressive number of visits: so "everyone" should have access to "edit" or to run script that increment the visits to each record.

The user "everyone" so could run remotely the script or the edit command to make a mess....

And i'm not talking about the "new" command....

And much more the web security db is a db...so if you make a script that copy the user name (log+pass) to let him access, you must assign privilegies to "everyone" to run scripts...we are at the beginning.

I confess my skill in fm is not like others here, probably i miss a lot of things... help me to continue this information on security. Thanks to all.

[Keith M. Davie]

The_Bridge (Peter) once generously offered something on security. I regret I have not made the time to check it out. But this might be just the thing you are looking for, so you may want to check it out.

[david s]

Nothing to check there.....

Probably an old link..

Thanks anyway

[Keith M. Davie]

I'll be gone for several hours. My email link is on the bottom of my default page. Send me an email, and I'll get a copy of this to you.

[The Bridge]

Unfortunately the link to my Web Security Sign-Up Solution is gone with my once-free .mac account, and the archive itself is too large for FMForums. I'll see if I can trim it down a few k and upload it here.

[The Bridge]

Okay, trimmed it down somewhat (the PDF is now further compressed and uglier). Attached is the .zip file. Note to Mac users: Stuffit Expander will open Zip files without a hitch. In fact, I made this Zip file using StuffIt on a Mac.

WSD Sign-Up.zip

[Garry Claridge]

Have you thought about having an 'Access Log' (i.e. progressive number of visits etc) as a separate file?

Also, you should not be copying anything from the 'Web Security' database. Other ways exist for finding-out who the current user is.

Garry

[Isaiah4031]

I'm having trouble with using this over the web. When I click on "new" in the index.html (browser: Netscape Communicator 4.7 on Mac O.S. 8.6) I get an error saying "Required Field Missing: Values must be entered in the following field "."

I am so stuck on what to do.

[Vaughan]

Hello Isaiah4031

Your problem has nothing to do with the rest of the thread above, so why post it here? It sounds like you are using Instant Web Publishing which means discussions about Web Security databases aren't relevant.

Don't reply here: could you please go back and post your question again as a new thread in the Filemaker On-line forum. Then we can begin a whole new conversation dedicated to solving your problem.

Thanks.