Search Again: Re: Web Security database, relationships, etc.. From: Shawn Hogan Date: Sunday, December 1, 2002 Time: 5:10:44 pm ISP List wrote: > Ok, I've been doing a bit more research on CDML and FileMaker's web > stuff. A few questions/observations: > > 1. If a database is *not* listed in the Web Security database, it is > impossible to query data directly from that database (say, from a > FMP-InlineAction), correct? Right. > 2. Looking at the way OptiGold's Web Security database is set up, it seems > that "Browse" and "Scripts" permission are the only ones given to "All > Users" (or, in practical terms, all anonymous users). This leads me to > believe that in no cases does the Opti web interface perform direct Create, > Delete, or Edit's on records, etc -- that is, everything used to > update/delete/create is passed to a Script (e.g. adding an E-mail address > or Domain).. correct? Correct. > 3. In that same vein, it appears that 99% of fields are set to "Dont Show" > in the Web Security database (example: MainMenu.fp5). Since that is the > case, how are simple values such as "First Name" and "Last Name" > exposed? Best I can tell, the scripts that are run put them into > "temporary variables" such as "gTemp Name" something *or* they are called > with some sort of relationship like: > > [FMP-Field: Customer ID Validation::Credit Card Name] > > Does the Customer ID Validation relationship provide some sort of addt'l > security? That is, why does calling this relationship allow "Credit Card > Name" from MainMenu.fp5 to be shown when it is explicitly set not to be > shown in the Web Security database? It's a bit complex to explain (it's something that developers at FileMaker, Inc. couldn't even understand when I tried to explain what and how I was doing it), but the short answer is yes... it's additional security. > 4. If I were to add a database to Web Security.fp5, lets say > "Services_.fp5", do I have to manually list all fields in that database in > the Web Fields.fp5 file and *then* apply the appropriate security checkbox > (e.g. Browse)? That is, is there an implicit "allow" or "deny" on fields > that are *not* listed in the drop-down box? If the fields are not listed, there are no field restrictions (it allows all access defined to the database). > 5. I've seen lots of references to FileMaker Pro Developer being a way to > get the CDML Reference. As it turns out, the CDML Reference PDF also comes > with the FMP WSC (in the "WSC 5.5/CDML/Web Tools" subdir that is created > when extracting the WSC), so no need to go spend big bucks on Developer for > that. Yeah, I forgot about that... FileMaker, Inc. started including it with Unlimited 5.5 and higher (it did not come with 5.0)... - Shawn ---------------------------------- Shawn D. Hogan President, Digital Point Solutions http://www.digitalpoint.com (858) 452-3696 --------------------------------------------------- To subscribe, unsubscribe or to search list archive please visit http://www.optigold.com/lists/isp.html ---------------------------------------------------

Messages In This Thread: Web Security database, relationships, etc.. by Mike Bacher on Dec 1, 2002 at 3:49:10 pm Re: Web Security database, relationships, etc.. by Shawn Hogan on Dec 1, 2002 at 5:10:44 pm