CDML submission of Username and Password

[Unable]

Designed in FMPro 5.0.v3

More pedantry.

This demonstrates the submission of a username and password through a CDML hyperlink using FileMaker Access Privileges in conjunction with Web Companion. This approach, combined with a bit of JavaScript and frames presents a fair amount of site security.

For NEWBIES, this demonstration also uses a JavaScript form submission, the FMP-LinkRecordID tag, and the code to use images in lieu of form buttons, among other things.

After you decompress the folder you will want to open the file jsopen.fp5, probably by dragging and dropping on your FMPro 5.+ application. You will be asked for a password. Enter banana. You then can view the settings for groups and passwords in Access Privileges.

Do NOT open Web Security databases. Do NOT set Web Security.fp5 for this db file. Do make sure that Web Companion is enabled (File > Sharing...).

For this demonstration remove all files from the folder and place them loose in your Application's Web folder. Open the database using the password banana. Open the browser of your choice and enter http://localhost/default.htm/ .

NOTE: if you are using any port other than 80 you will need to append that port (e.g. :591) to the initial URL entry in the browser. You will also need to edit the format files accordingly. AFAIK, to edit format files you can do so by dropping them into SimpleText or NotePad.

The -error file (later.htm) is included. Because the solution works (and is limited in its scope) it is unnecessary. It is something used during development and I just didn't edit out the references (lazy).

There may be something in here which is useful.

HyperLink.zip

[Unable]

Ok. To start I'm no expert... I made an erroneous statement in the above demonstration. Please note that both Web Security and Access Privileges can be used together.

Maybe I should be embarrassed, but I'm not embarrassed about learning, and hey, I'm willing to share my mistakes so you don't make them.

So here is a new demonstration of using the combined protocols. It is very much like the (now) co-demonstration above, i.e. the format files and gifs are named the same (though there are text changes and changes in links and forms regarding the db file name and initial entry to the db file through Web Security.fp5). The db is the same, but renamed and assigned three groups:passwords. And Web Security.fp5 must have a record created for this database.

First, after unzipping (unstuffing) the files, you need to open the db file. If it is not marked with the FMP logo, it probably needs to be dropped onto your Application.

To open the database file for use with the demonstration, when prompted enter the password pun (it is associated with the group oh, as in ohpun the database file). The db file should open greyed and with "Access Denied" showing (record data not visible).

You must create a record in Web Security.fp5. Enter in Database Password: way. Enter in User Name: web. Enter in User Password: cgi. Select the User Permission: Browse.

Web Companion plug-in (with latest WC updaters) should be selected (it was when compressed, along with single user). With a Mac Local Data Access Companion is also selected. I am blissfully unfamiliar with the pc choices.

You can move the folder into the folder Web, but you need to extract everything from the folder and let it be loose in Web. This keeps the paths simple.

This demonstration was created in FMPro 5.0v.3 (with latest WC updaters). The links and forms are designed to run on localhost using port 80. If you are not using port 80 you will need to edit the links and forms to establish your port. If you are using port 80 enter the URL http://localhost/default.htm. If you are using another port enter the URL http://localhost/default.htm:portno, and edit the format files to reflect the port number you use.

You know what to do. Enjoy.

redfaced.zip

[Leb i Sol]

Please note that both Web Security and Access Privileges can be used together.

- FM Access Priviledges?

[Leb i Sol]

Hi Unable!

U made me do some more reading......

...and I never knew this:

FileMaker Pro also provides two primary methods of web security: access privileges and the Web

Security Database.

[Unable]

Yes, from the "either ... or" which you cite I inferred it to mean one or the other, but not both. No wonder I'm no expert.

The first demo above uses just Access Privileges.

Other demo's I've posted use just Web Security (all users, no password in the db file).

The second demo above uses both Access Privileges and Web Security in combo.

Perhaps they all hold the truth.

That which uses just Access Privileges seems to be immune from CharlieB's probe. But how hackable is a web site which uses just Access Privileges? I really don't know and would like to see some theory on this.

[Leb i Sol]

Hi Unable!

Thanx for the respond and clarifying it...it is hard to "beat the Enlgish language to the bare bone" and undersand what they 'really' meant

...I often wonder about FM on the web+CDML and how secure can you really get it to be. Hopefully, some "starting soul" gets to read your posts!

Thanx for sharing!

All the best!