Lasso security

[AlexandervB]

Please excuse me being new to publishing a FM db with lasso but I've started to learn using lasso and I'm running into some problems. I've made a .lasso page which can update a record. The record is specified by a unique fieldentry. Until now all goes well and the page displays the correct information. But when looking through the HTML source in the browser I can find the record id for the currently displayed record. Of course this is an major security problem since people can now easily request the page with a ?-RecordID= and change data. How can I limit this?

Thanks!

[Anatoli]

By inlines and security settings. You will supply the credentials for the update inline routine only. You can also check if the user is still the correct one.

That is one way. And I am not Lasso expert.

I'll suggest joining Lasso Talk.

[Christian Coppe]

Anatoli, I haven't experienced it, but page 186 of the Lasso 6 Language Guide, they propose an HTML -Update command nested in an Inline procedure. In this case, does the browser source show the -KeyField_Value ?

[Anatoli]

IMHO - if the inline is just doing the update it is not served to browser.

And you can hide the field names and everything.