Hi Tim, Sounds like you and me are on the same par, so appreciate that I am no expert in this field, but I was able to achieve something similar to what you are doing through a lot of help from those on this List, either directly from posts or indirectly from their websites.
My project involved no commercial or personal data, so your security concerns are likely to be at a higher level than my solution, so RevIgniter might be your best bet. For me I simply set up two additional accounts in postgreSQL (beyond my on-rev user account that has full Admin privileges), one that could add, modify and delete records (but not tables or dbs) and another that could only select records for viewing. I then set up two separate webpages, one that was for the person who could add, modify and delete records, and a completely separate webpage for the public to view the data. As an additionally security step, whenever a record needed to be deleted, the Admin User has to input certain key words, in certain key places in the webform otherwise it will not be processed. With Rev and it's strength with chunk expressions, looking for certain words in certain places is sooooo easy. I only included this because the data involved should never need deleting so for it to happen would be very unusual. The biggest help I got was the example - Simple Form - on Sarah's site: http://www.troz.net/onrev/ Once I crossed the hurdle of getting a web Form talking to On-Rev if my Rev database code worked on my desktop db, I could generally figure out how to get my on-rev code to talk to my on-rev db. Also very helpful was stuff from Andre's site: http://www.andregarzia.com/blog Can't remember specifically what Andre's site helped me with, he does so much both on his site and on this List it's like panning for gold, you know you've struck it rich if Andre has the answer. I think his Bootstrapping a CMS in 24h blog entry may have had some nuggets in it. Finally Pierre answered a post I had to the List titled 'on-rev+postgreSQL' which solved the missing part of the puzzle, how to add a little more security with different users. I decided to move away from mySQL to postgreSQL after reading so many mySQL license issues on this List, it seemed postgreSQL just made all that headache go away. The only problem was setting up additional users and their privileges wasn't as straight forward as it was with mySQL. Good luck. On Sat, Nov 26, 2011 at 11:51 PM, Tim Selander <selan...@tkf.att.ne.jp>wrote: > Hi, > > I'm beginning to learn how to use <?rev scripts to access mysql databases > on my on-rev.com account. > > I am going to allow users to search a catalog, but no uploading and no > data entry or data editing... > > What, if any, security problems do I need to consider? mySQL newbie... > > Thanks, > > Tim Selander > Tokyo, Japan > > ______________________________**_________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > http://lists.runrev.com/**mailman/listinfo/use-livecode<http://lists.runrev.com/mailman/listinfo/use-livecode> > _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
