Can I have it both ways?

[Turansky]

Hello,

I have a website setup with CDML and it works great. I also can connect to the database via the remote host command. The problem I think I have is that if someone knew the IP address they also could access this database via Filemaker. I want to setup a password but when I do it it also asks for the password on the website using CDML!? I don't want that. Can I have it both ways? No password using CDML accessing the database and with a password using remote host?

Thank you

Kent

[Anatoli]

Use good firewall for this.

Also be aware, that anybody with browser can get all data from database served to web.

Use good security measures.

[Vaughan]

Keep the password in the database (very important). Set up the Web Security databases and configure Web Companion to use these to control access to the databases through the web. Very flexible.

[Turansky]

I set a password going to File > Access Privileges > Passwords

I then set up sharing and the web companion.

When I try to access the database using Remote Host it asks for a password. Great!

But when I surf on the web and try to go to the pages using this database it asks for my password!? Not good. How do I get the password not to show up via the web?

Thanks

Kent

[Turansky]

Ok so I was just reading from Maria Langers book and she talks about putting no password into the password box and this will stop the prompting from the web. So I think my problem is solved unless there are any other words of wisdom for me.

Oh my gosh!!! I was just reading the Security Loophole thread. Now I'm not sure about anything!

Thanks for the input

Kent

[Keith M. Davie]

Kent, my site is set in WC for all users, no password. I really think the WC protocol is lacking in elegance. I use ScriptMaker to remove passwords (and other "privileged data") from WC / Sharing db files to db files which do not use WC / Sharing. ScriptMaker can be very useful in this way. It works where inlineactions keep things in WC / Sharing db files.

There is a current thread on this forum "Users add username/password to Web Security DB". You may be interested in the approach offered in this thread.

[Turansky]

Thank you Keith. I will read some more.

[rborges]

Hi all,

I using IWP for a database that contains a field called private. I created a script that omits records "Private="Yes"", so whenever the database opens the script runs. The problem is that I need certain users (Engineers) to have access to all records when viewing the data on the web and Non-Engineers (Consultants) to only view public records (non private). I tried creating a password that only displays "Limited" records, but when the database opens it runs the password criteria , then the script runs returning a No Access message in all the fields. It's conflicting since the password criteria "Browse records is limited to "Private="No"" and the script criteria is Omit Records "Private="Yes'". Still trying to figure out a method here where certain users can view certain records, Help anyone!?

-Ralph [color:"blue"]

[Garry Claridge]

A document (pdf) on the Filemaker site describes how to do this. I haven't tried it and I am not sure how it works with IWP; just CWP.

Good Luck.

Garry

[Vaughan]

Turansky: have you set up the Web Security databases and configured Web Companion to use them? Your post above does not suggest that you have...

This will solve your problems because you can set "browse" for no password, but everything (edit, new, delete, scripts) else will be forbidden.

[rborges]

Vaughan:

If you could email me some of your brain cells, I would greatly appreciate it!

Thanks for the tip, I conquered the battle (for the moment)!!

-Ralph