Jump to content

IWP: validate & edit record securely


This topic is 6509 days old. Please don't post here. Open a new topic instead.

Recommended Posts

In many scenarios using FM / IWP, it's desirable to allow a person to create a new record, have the record validated, and either accept it into the system or show them errors and correct / resubmit, or cancel / delete. Once done, it's also important to block any further access (read or edit) to that record, for security purposes.

There are several problems doing this under IWP:

1. Field validation is rather cumbersome.

2. You can't force someone to logout unless they click a button, and even then it's not 100%.

3. Sometimes, hitting "reload" from a browser will reload the record when it should no longer be visible.

I have come up with some solutions to these problems, and present them here for your consideration:

1. Instead of using field validation, create a single calculation field that either returns "" if the record is valid, or a text description of the error(s) if not. For example:


InValid = 

  If(FirstName = "", "You must supply a first name") &

  If(LastName = "", "You must supply a last name")

  If(Len(EmpID) < 9, "Please supply your 9 digit employe ID")

...etc...

2. Include a "Submit" button which calls a script which checks the InValid field.

If InValid="", go to a layout which says "thanks for your submission" and sets a field called "Closed" to true.

If it is not empty, go to a layout which shows the user's entered data, along with the text in the InValid field (which will include a list of validation errors).

3. For security purposes, you want to make sure that a given record can not be viewed or edited except for the brief time it's being submitted. Use custom record-level access permissions for the Guest IWP user, such that records are neither viewable or editable after the timeout period (based on record last modification date), nor are they viewable or editable once the "Closed" field has been set to True.

4. In my setup, I actually create a new blank record for the user BEFORE giving them them first data entry layout. This allows me to set some fields and branch to a custom layout depending on the type of issue they are asking about. One disadvantage of doing this is abandoned records -- if the user just walks away from the computer at this point, once IWP times out, you'll have an empty blank record. It's fairly easy to write a script to identify these empty records and delete them at a later date, and it's interesting to see what % of your users abandon the records. I think that browsers w/o java or javascript enabled may cause these blank records, too. I'm not clear on that.

5. I do this all through https:// using a custom apache setup on mac os x.

While not perfect, this solution is working fairly well for me. Basically, it lets you use IWP to implement fairly typical secure web-form system.

Anyone else tried this?

Link to comment
Share on other sites

  • 3 weeks later...

This topic is 6509 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.