Web Application Security
Description
Web publishing applications only. You can control access to your web application pages by:
Requiring login with or without additional passwords
Specifying which pages require user login
Assigning users to groups
Granting page access only to specified groups
The A5W pages processed by the Application Server :
Can "see" the currently open database
Have their own variable space
Can open local URLs only under the local webroot
With Xbasic can open, read, and write files both inside and outside of the webroot folder structure
When used with DBF databases, A5W pages:
Cannot run any code or modify any variables located inside your database.
Cannot access the Control Panel
Cannot access the desktop user interface
Cannot access to the desktop's global variables
In addition, you can prevent pages from being cached in the user's web browser.
Local, shared, and global variables created by Xbasic code inside a page exist only for as long the A5W page exists.
Session variables persist across pages.
Protected session variables cannot be seen by end users.
You may optionally use:
The HTTPS protocol, which uses the SSL transport for encrypted communications
A Server Certificate which confirms your website's identity for your users
See Also