SECURITY

Attribute:

Use Security: With this option selected, the application is only accessible when the sc_apl_status macro is enabled. Disabled applications display the message "Unauthorized user" when accessed.

Access to applications may be granted through a control application to authenticate users. See the examples below.

Example 1: Activating an application called grid_categories.

In the login application onValidate event (control form application used to authenticate a user), insert the following macro call:

sc_apl_status('grid_categories','on');

Example 2: Creating a rule to authenticate by user type in a login form containing a field called userid.

In the login application onValidate event (control form application used to authenticate a user), insert the following code:

// two users: john and mary with permission to access different applications
if({userid} == 'john') {
        sc_apl_status('grid_categories','on');
        sc_apl_status('form_categories','on');
        sc_apl_status('grid_products','on');
        sc_apl_status('form_products','on');

}
elseif({userid} == 'mary') {
        sc_apl_status('grid_categories','on');
        sc_apl_status('form_categories','on');
        sc_apl_status('grid_products','off');
        sc_apl_status('form_products','off');
}
else{
        sc_error_message("Unauthorized user!");
}

Example 3: Authenticating applications using a database table.

In the login application onValidate event, enter the following code:

// the table with applications is called sec_applications
sc_lookup(dataset,"select code from sec_applications");

foreach({dataset} as $line){
$applications = $line[0];
sc_apl_status($applications,'on');
}

URL output of the security (denied access URL redirection): It redirects the user to this URL, if he does not have access to the application.
Use Password: An application password setting is required (See image below).

At run time a text box is displayed requiring the access password. If the password is not entered correctly, an "Unauthorized user" message is displayed.

In the development environment it is possible to suppress the above steps purely for testing purposes, thereby avoiding repeated password requests (or access denied) for each application execution. Disable the options Enable use of security and Enable Use of Password in the Configuration menu | My ScriptCase.

Request password just once - Requests the password only once per session, not needing to request to inform the password everytime you open an application in the same session.

Enable direct call by URL - Allows the application to be called directly from the URL of the browsers.

Enable CSRF - With this option enabled, Scriptcase prevents malicious attacks to a page on which the unauthorized command are transmitted from a user that the page trusts. These attacks are known as "Cross-Site Request Forgery". (This option is available only for Control and Form applications).