Web Application Security

Description

Web publishing applications only. You can control access to your web application pages by:

  • Requiring login with or without additional passwords

  • Specifying which pages require user login

  • Assigning users to groups

  • Granting page access only to specified groups

The A5W pages processed by the Application Server :

  • Can "see" the currently open database

  • Have their own variable space

  • Can open local URLs only under the local webroot

  • With Xbasic can open, read, and write files both inside and outside of the webroot folder structure

When used with Alpha Five databases, A5W pages:

  • Cannot run any code or modify any variables located inside your database.

  • Cannot access the Control Panel

  • Cannot access the desktop user interface

  • Cannot access to the desktop's global variables

In addition, you can prevent pages from being cached in the user's web browser.

  • Local, shared, and global variables created by Xbasic code inside a page exist only for as long the A5W page exists.

  • Session variables persist across pages.

  • Protected session variables cannot be seen by end users.

You may optionally use:

  • The HTTPS protocol, which uses the SSL transport for encrypted communications

  • A Server Certificate which confirms your website's identity for your users

See Also