NetTalk Central

NetTalk Web Server => Web Server - Ask For Help => Topic started by: ccordes on November 17, 2010, 11:14:11 PM

Title: calling a form with no browse
Post by: ccordes on November 17, 2010, 11:14:11 PM

Hi
Is there another way to call a form without a browse than what is in the docs? I notice that browses do not have the record Id in the request string in the URL.
The docs say to tack on change_btn and id= xxx to the URL. Doesn't seem very secure.

Thanks
chris

Title: Re: calling a form with no browse
Post by: Bruce on November 18, 2010, 02:41:27 AM

Hi Chris,

The URL makes it neither secure, nor unsecure. the real security is on the form itself, by validating that the current user has rights to the record before writing it.

That said, the newer approach, of using a hashed unique ID is "more secure" in that the actual ID field is unknown. This needs to be further closed down though so that the actual ID, if used (like mentioned on FAQ W4) will fail.

Coupled with that is the need to document the technique for calling a form directly, but using the new hased-id approach rather than the old id approach. That's not documented yet.

cheers
Bruce
 

Title: Re: calling a form with no browse
Post by: ccordes on November 18, 2010, 06:36:05 AM

So the same filters that a browse might have for a specific user, could/should be used at the start of the form.
good idea...
thanks