Web Application Security

Description

Web publishing applications only. You can control access to your web application pages by:

  • Requiring login with or without additional passwords

  • Specifying which pages require user login

  • Assigning users to groups

  • Granting page access only to specified groups

The A5W pages processed by the Application Server:

  • Can "see" the currently open database

  • Have their own variable space

  • Can open local URLs only under the local webroot

  • Can, using Xbasic, open, read, and write files both inside and outside of the webroot folder structure

When used with DBF databases, A5W pages:

  • Cannot run any code or modify any variables located inside your database

  • Cannot access the Control Panel

  • Cannot access the desktop user interface

  • Cannot access the desktop's global variables

In addition, you can prevent pages from being cached in the user's web browser.

  • Local, shared, and global variables created by Xbasic code inside a page exist only for as long as the A5W page exists.

  • Session variables persist across pages.

  • Protected session variables cannot be seen by end users.

You may optionally use:

  • The HTTPS protocol, which uses the SSL transport for encrypted communications

  • A Server Certificate which confirms your website's identity for your users
