So. I've read some documentation on how to do Record by Record protection using Custom Web Publishing. Basically, what I've understood is that you set up a "password" field in your records. Then, when performing searches, etc., you also search on that password. In this way, only records that match by password as well as whatever you're searching for will be returned.

In effect, this is what I have set up. However, when browsing the site, it is very easy to alter searches manually and thus bypass the whole password thing. The end result is that anyone who has a valid password to my database can access any record within it. This is not good.

Any suggestions? Anyway to make these "password" field stuff really stick? Thanks in advance,

Tim.

That will give you the most security and the most difficult system to work with.

To disallow URL editing you can use forced frames in "chromeless" window with disabled right-click (for PC visitors).

It can be done with ScriptMaker scripts. Visit my site. Register (any name - you won't get any unwanted emails from me). Your password is totally removed from any file connected to Web Companion with Sharing. Once you have a name and password registered you can re-enter through the "Run another script" link. Here you will enter your registered username and password. Again, that ScriptMaker script will confirm your ability to proceed, and by the script it will be kept out of files connected to Web Companion with Sharing.

Then with tokens and other methods (not the least of which is frames) one can easily limit where a client can go and what can be accomplished.