well i have a database working with web-security, i have a set of webpages from which only authanticate users can enter their projects and report information, but the problem is ,after login to the database anyuser can edit anybody's else project report, i don't know how to allow the users permissions on to the complete form(contains many fields).

if anybody knows how to solve this ...please let me know as soon as possible..

thanks,

goyal.

If you will carry the login name/password trough tokens and include that as valid search criteria no one will be presented with someone else page.

Then you need something like "forced frames" technique to disallow users to get through URL line to area where they do not belong.

Even better is to hide the URL area and disable right-click for PC users.

On the other hand -- FM has left open all security doors wide open and anybody can get usually all records from any FM driven web site.

Not from ours, because we developed the Fabulous FM Security Filter.

problem.txt

well searching is not really a problem, because everyuser has permission to search into the whole database, problem comes when editing comes into the picture, because i want a user to edit his/her own records not of the others,for this reason i have made two fields in the databse, 1-username(enter by the user),2-currentuser([FMP-ClientUserName] which goes directly to the database) and if these fields are equal then that user has permission to edit that record ,elsenot. i'm checking this condition in the javascript and i've put a [FMP-InlineAction: -db=buglist, -lay=One,-recid={CurrentRecID}, -edit] inside javascript,but it doesn't work?? is there any other way???

The [FMP-InlineAction] tag is processed before the Javascript. They are processed before any other CDML tags.

I saw a tech paper on the Filemaker site about record level security. It maybe of value.

All the best.

Garry

I cannot help you with your solution, but you can hire me.

I am giving you mine solution, which is working everyday perfectly and for free

"...because i want a user to edit his/her own records not of the others,..."

Custom Web Publishing.

My site does what you desire. I do it using ScriptMaker scripts successfuly and safely in browser solutions. My web security is set for all users, no password. My clients never see a FileMaker generated username/password window. Instead they see my protocol for username/password. FileMaker's protocol lacks elegance. Develop your own.