Author Topic: calling a form with no browse (Read 3682 times)

ccordes · « **on:** November 17, 2010, 11:14:11 PM »

Hi
Is there another way to call a form without a browse than what is in the docs? I notice that browses do not have the record Id in the request string in the URL.
The docs say to tack on change_btn and id= xxx to the URL. Doesn't seem very secure.

Thanks
chris

Bruce · « **Reply #1 on:** November 18, 2010, 02:41:27 AM »

Hi Chris,

The URL makes it neither secure, nor unsecure. the real security is on the form itself, by validating that the current user has rights to the record before writing it.

That said, the newer approach, of using a hashed unique ID is "more secure" in that the actual ID field is unknown. This needs to be further closed down though so that the actual ID, if used (like mentioned on FAQ W4) will fail.

Coupled with that is the need to document the technique for calling a form directly, but using the new hased-id approach rather than the old id approach. That's not documented yet.

cheers
Bruce

ccordes · « **Reply #2 on:** November 18, 2010, 06:36:05 AM »

So the same filters that a browse might have for a specific user, could/should be used at the start of the form.
good idea...
thanks

NetTalk Central

Author Topic: calling a form with no browse (Read 3682 times)

ccordes

calling a form with no browse

Bruce

Re: calling a form with no browse

ccordes

Re: calling a form with no browse