How bad an idea is it to enable websharing on the Web Security Database to allow users to add themselves to the database (with all privileges etc submitted as part of a form so they can't change it from what I want them to have), also, it'd be restricted so that they can only add a user, not view user lists, edit or delete users etc

Is this a really bad idea or would it be OK if it were tied down tightly enough?

Ha! I already tried to do that and it's a catch-22. If you use the Web Security Database, it cannot be used to publish itself. What I did was duplicate the WSD db's and then published those. I used a web-activited script to shuttle data to the real WSD after the user confirmed.

It seemed to be working well enough, but I needed to restrict users to their own records and was not able to get FM5.5 to do that. Since that time I read some possibilites, but I had already scrapped the project in favor of PHP/MySQL so I cannot give you a real life de-bugged tried-and-true recommendation. It SHOULD work well enough for most general purposes, but security is relative, eh?

--ST

P.S. Edit... Actually, now that I just re-read my post I think I only used a copy of the Users db of the WSD. I even modified it to include more info about the users than the default Users db does.