Jump to content
Claris Engage 2025 - March 25-26 Austin Texas ×

Lasso User Security


This topic is 8285 days old. Please don't post here. Open a new topic instead.

Recommended Posts

I am currently using lasso 3.6, with fm 5.5 on win2k pro.

I can add user to my user database, by letting them fill out a form and choosing their own password and login. However, i do not know how lasso can grab this user data from filemaker, and allow those user to log in the site.

Anybody know how they communuicate?

Link to comment
Share on other sites

This may not help you in your current situation, but I can share my experience with Lasso. I have potentially thousands of users, so I simply built a separate user/password database with integrated session management and let Lasso handle the security. I found that integrating the Lasso Security module with FileMaker's built-in access privileges was just about impossible to implement with any number of users. Check the Lasso list archives at

http://www.blueworld.com for reams of information about how the experts handle Lasso/FM security integration.

Tom

[email protected]

http://www.tgparker.com/filemaker

Link to comment
Share on other sites

For security with windoze (ahem smile.gif" border="0 )........read this....these guys are worth listening to I'm a Mac man myself!!!!

http://www.lassodev.com/lasso3/notes/FMLasso.html

But.......

Actually getting users to assign their own usernames and passwords in Lasso security "on the fly" as they create their record is possible but I found it to be problematic.

Similar to Tom I use a log in database system combined with session management. I have exact match fields for searching and updating records.

I use FM_Remote Module. The databases are passworded but there is a default username and password for all databases which is passed invisibly by the FM_Remote module to WC. (This is setup in Lasso Security : Remote Module : Use default enabled for each database in the list)

Actions are granted on an all users basis and I rely on the other security measures above and below to keep it all safe.

I've developed a methodology of creating my solutions based on the Corral Method so the only database information passed to the browser is the record ID and the page name (form action) All the work is done server side with Form_Param, Var, Inline and other tags.

Because there is an exact match set on updating nothing can be done with the Record ID alone (apart from by me on the server side of course...it is also refreshed after each action...relying on Record ID's over multiple sessions is not a good idea...but thats another story)

I think the security of a web application relies on a mix of work arounds and good practice. (although more of the latter is preferable wink.gif" border="0 )

These may be of some use:

http://www.lassodevelopment.com/

http://www.corralmethod.org/

http://www.corralmethod.org/pdf_docs/corral_v1.pdf

http://www.lassodev.com/

To be honest you should worry as much about the security of IIS.....I need say no more..

laugh.gif" border="0laugh.gif" border="0

[ January 31, 2002: Message edited by: scratchmalogicalwax ]

Link to comment
Share on other sites

This topic is 8285 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.