Jump to content
View in the app

A better way to browse. Learn more.
FMForums.com

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Lasso User Security

glaser_david
in Other Internet Technologies

Featured Replies

I am currently using lasso 3.6, with fm 5.5 on win2k pro.

I can add user to my user database, by letting them fill out a form and choosing their own password and login. However, i do not know how lasso can grab this user data from filemaker, and allow those user to log in the site.

Anybody know how they communuicate?

This may not help you in your current situation, but I can share my experience with Lasso. I have potentially thousands of users, so I simply built a separate user/password database with integrated session management and let Lasso handle the security. I found that integrating the Lasso Security module with FileMaker's built-in access privileges was just about impossible to implement with any number of users. Check the Lasso list archives at

http://www.blueworld.com for reams of information about how the experts handle Lasso/FM security integration.

Tom

[email protected]

http://www.tgparker.com/filemaker

For security with windoze (ahem smile.gif" border="0 )........read this....these guys are worth listening to I'm a Mac man myself!!!!

http://www.lassodev.com/lasso3/notes/FMLasso.html

But.......

Actually getting users to assign their own usernames and passwords in Lasso security "on the fly" as they create their record is possible but I found it to be problematic.

Similar to Tom I use a log in database system combined with session management. I have exact match fields for searching and updating records.

I use FM_Remote Module. The databases are passworded but there is a default username and password for all databases which is passed invisibly by the FM_Remote module to WC. (This is setup in Lasso Security : Remote Module : Use default enabled for each database in the list)

Actions are granted on an all users basis and I rely on the other security measures above and below to keep it all safe.

I've developed a methodology of creating my solutions based on the Corral Method so the only database information passed to the browser is the record ID and the page name (form action) All the work is done server side with Form_Param, Var, Inline and other tags.

Because there is an exact match set on updating nothing can be done with the Record ID alone (apart from by me on the server side of course...it is also refreshed after each action...relying on Record ID's over multiple sessions is not a good idea...but thats another story)

I think the security of a web application relies on a mix of work arounds and good practice. (although more of the latter is preferable wink.gif" border="0 )

These may be of some use:

http://www.lassodevelopment.com/

http://www.corralmethod.org/

http://www.corralmethod.org/pdf_docs/corral_v1.pdf

http://www.lassodev.com/

To be honest you should worry as much about the security of IIS.....I need say no more..

laugh.gif" border="0laugh.gif" border="0

[ January 31, 2002: Message edited by: scratchmalogicalwax ]

Create an account or sign in to comment

https://fmforums.com/topic/8163-lasso-user-security/
Go to topic listing

Similar Content

Important Information

By using this site, you agree to our Terms of Use.

I accept

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.