Announcement

Collapse

The Alpha Software Forum Participation Guidelines

The Alpha Software Forum is a free forum created for Alpha Software Developer Community to ask for help, exchange ideas, and share solutions. Alpha Software strives to create an environment where all members of the community can feel safe to participate. In order to ensure the Alpha Software Forum is a place where all feel welcome, forum participants are expected to behave as follows:
  • Be professional in your conduct
  • Be kind to others
  • Be constructive when giving feedback
  • Be open to new ideas and suggestions
  • Stay on topic


Be sure all comments and threads you post are respectful. Posts that contain any of the following content will be considered a violation of your agreement as a member of the Alpha Software Forum Community and will be moderated:
  • Spam.
  • Vulgar language.
  • Quotes from private conversations without permission, including pricing and other sales related discussions.
  • Personal attacks, insults, or subtle put-downs.
  • Harassment, bullying, threatening, mocking, shaming, or deriding anyone.
  • Sexist, racist, homophobic, transphobic, ableist, or otherwise discriminatory jokes and language.
  • Sexually explicit or violent material, links, or language.
  • Pirated, hacked, or copyright-infringing material.
  • Encouraging of others to engage in the above behaviors.


If a thread or post is found to contain any of the content outlined above, a moderator may choose to take one of the following actions:
  • Remove the Post or Thread - the content is removed from the forum.
  • Place the User in Moderation - all posts and new threads must be approved by a moderator before they are posted.
  • Temporarily Ban the User - user is banned from forum for a period of time.
  • Permanently Ban the User - user is permanently banned from the forum.


Moderators may also rename posts and threads if they are too generic or do not property reflect the content.

Moderators may move threads if they have been posted in the incorrect forum.

Threads/Posts questioning specific moderator decisions or actions (such as "why was a user banned?") are not allowed and will be removed.

The owners of Alpha Software Corporation (Forum Owner) reserve the right to remove, edit, move, or close any thread for any reason; or ban any forum member without notice, reason, or explanation.

Community members are encouraged to click the "Report Post" icon in the lower left of a given post if they feel the post is in violation of the rules. This will alert the Moderators to take a look.

Alpha Software Corporation may amend the guidelines from time to time and may also vary the procedures it sets out where appropriate in a particular case. Your agreement to comply with the guidelines will be deemed agreement to any changes to it.



Bonus TIPS for Successful Posting

Try a Search First
It is highly recommended that a Search be done on your topic before posting, as many questions have been answered in prior posts. As with any search engine, the shorter the search term, the more "hits" will be returned, but the more specific the search term is, the greater the relevance of those "hits". Searching for "table" might well return every message on the board while "tablesum" would greatly restrict the number of messages returned.

When you do post
First, make sure you are posting your question in the correct forum. For example, if you post an issue regarding Desktop applications on the Mobile & Browser Applications board , not only will your question not be seen by the appropriate audience, it may also be removed or relocated.

The more detail you provide about your problem or question, the more likely someone is to understand your request and be able to help. A sample database with a minimum of records (and its support files, zipped together) will make it much easier to diagnose issues with your application. Screen shots of error messages are especially helpful.

When explaining how to reproduce your problem, please be as detailed as possible. Describe every step, click-by-click and keypress-by-keypress. Otherwise when others try to duplicate your problem, they may do something slightly different and end up with different results.

A note about attachments
You may only attach one file to each message. Attachment file size is limited to 2MB. If you need to include several files, you may do so by zipping them into a single archive.

If you forgot to attach your files to your post, please do NOT create a new thread. Instead, reply to your original message and attach the file there.

When attaching screen shots, it is best to attach an image file (.BMP, .JPG, .GIF, .PNG, etc.) or a zip file of several images, as opposed to a Word document containing the screen shots. Because Word documents are prone to viruses, many message board users will not open your Word file, therefore limiting their ability to help you.

Similarly, if you are uploading a zipped archive, you should simply create a .ZIP file and not a self-extracting .EXE as many users will not run your EXE file.
See more
See less

Software as a Service (Saas) and Multi-tenant Architecture

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Software as a Service (Saas) and Multi-tenant Architecture

    Hi All

    I am building a Saas website using Alpha 5. I am also using a multi-tenant database approach on Mysql. What this means is that all my customer will be sharing the same tables. I ensure that they cannot see each other's data using the Alpha security framework and storing the user ID in each table.

    My one concern is if I accidently publish a grid where I forget to include (or accidently delete) the filter of user_id, it will open up the query to all user data. Very bad.

    I want to come up with another failsafe. For example, the grid would error out if it found more than two user ids in the result set. Or something on mysql...

    Anyway, I am open to any and all suggestions on this one to increase the security of everyone's data on my website!

    Cheers,

    Scott

  • #2
    Re: Software as a Service (Saas) and Multi-tenant Architecture

    Scot,
    Could you tell me how you use the user id to filter tables please?

    Thanks in advance
    Bill Belanger

    Comment


    • #3
      Re: Software as a Service (Saas) and Multi-tenant Architecture

      It is a natural law that two weak systems are weaker than one weak system. Have your failsafe be a thorough method to ensure the filter is set properly.
      Steve Wood
      Join the ALPHA DEVELOPERS NETWORK
      There is no Cloud. It's just someone else's computer.
      Web - Mobile - Hosting - Products - Frameworks - Developer Resources
      AlphaToGo | IADN (100% Alpha Anywhere Websites)

      Comment


      • #4
        Re: Software as a Service (Saas) and Multi-tenant Architecture

        Hi Bill,

        The filter mechanism is the standard Alpha setup....when the user logs in I assign them them a protected session id and then all records entered and selected from the MYSQL database are filtered on that value, there is a ton of info on this on the message board but if you need any direction just let me know...

        Hi Steve, I agree with your statement but feel that two strong systems are better then one strong system....in terms of setting a filter properly I plan to use a checklist, so that any time something is published I force myself to follow the checklist...seems to work well for Airline pilots :)

        Cheers,

        Scott

        Comment


        • #5
          Re: Software as a Service (Saas) and Multi-tenant Architecture

          Scott,
          I suggest that you design your filter to default to no one showing. I had the same kind of filtering going on in one of my apps that you are planning, but when the session variable timed out, the argument it was mapped to didn't cause an error...it showed everyone. So, I changed the filter so that no one would show up unless the argument specifically allowed them.
          Pat
          Pat Bremkamp
          MindKicks Consulting

          Comment


          • #6
            Re: Software as a Service (Saas) and Multi-tenant Architecture

            Is it only me or do others feel that maybe version 11 will be more saas friendly? I have two police departments on filemaker server and would love to combine them into one server using Alpha and the same user interface sharing tables. I know I CAN do it now, but since I've had this setup with them for 15 years, there's no real rush, and if Alpha is going to make it easier for me to get this done, maybe I wouldn't have to work so hard. :-)

            Lazy Bill Belanger

            Comment


            • #7
              Re: Software as a Service (Saas) and Multi-tenant Architecture

              LAZY - Take nothing for granted, do it before a competitor does and takes the client(s) - it does happen (and without notice)- it could not be easier to do so get moving.
              Insanity: doing the same thing over and over again and expecting different results.
              Albert Einstein, (attributed)
              US (German-born) physicist (1879 - 1955)

              Comment


              • #8
                Re: Software as a Service (Saas) and Multi-tenant Architecture

                Thanks for the advice Pete. Unfortunately at my rates there is no competition. :-) This is pretty much a hobby for me, I just do it because I enjoy it, I have other good paying businesses that support me. My customers get what they pay for and we're all happy. I don't have any paid applications out there that use Alpha, only Filemaker. So all the money I've spent on Alpha over the past 8 years is still just tuition. You say "it could not be easier" and that's probably true for you since you're a professional programmer. To be fair, Alpha says "Programming skills are optional with Alpha v10" on their website, but every time I try to do something serious with it, I get into what I consider programming. I'm not complaining, just stating how I see the product. I needed to do an inventory program for a freezer plant and I almost got it done in Alpha, but ran into issues that required what I considered programming beyond my skill level, and even with all the help from you kind folks on this board, ended up starting over and doing it in Filemaker. That was the second project with same scenario, you'd think I'd learn. Scott says there is a ton of info on this board for doing the saas stuff, but I've been watching this board for a long time and I see references to ulinks and protected session ids and so forth. That all looks like programming to me. I don't see anything in the web security controls that allow me to assign a user with any id. So I guess I'll just wait to see what version 11 brings. I started designing databases in 1984 with a product call Helix on a Mac. Filemaker was a natural progression since it ran on PCs too. I figured Alpha server with a web client was the ultimate, but I'm just not quite there yet. Maybe someday I'll wake up and realize I'm out of my league with Alpha, but they keep dangling the candy in front of me. With Filemaker I design a desktop form, or choose one that's predesigned and pretty, stick it in a web folder, and it gets served up. Now that couldn't be easier. I have nothing but praise for Alpha, but it just seems to stay one step ahead of me.

                Bill

                Comment


                • #9
                  Re: Software as a Service (Saas) and Multi-tenant Architecture

                  Well - I agree with you and I'm sorry if I have caused any grief. What you have described it not uncommon from what I see, why not send me some things you have worked on that have you stumped and I'll explain to you what you need to know.
                  Insanity: doing the same thing over and over again and expecting different results.
                  Albert Einstein, (attributed)
                  US (German-born) physicist (1879 - 1955)

                  Comment


                  • #10
                    Re: Software as a Service (Saas) and Multi-tenant Architecture

                    Thanks Peter, that's very kind of you. No grief here! I know how busy you folks are who do this for a living and for any of you to offer to help the rest of us beginners is truly a step beyond. I'll try again to get my tables filtered by group and I'll let you know where I get stumped. I was just thinking that since Alpha did a survey about saas that the new version might have some shortcuts.

                    Bill

                    Comment


                    • #11
                      Re: Software as a Service (Saas) and Multi-tenant Architecture

                      Originally posted by Bill@TrackerSystems.com View Post
                      To be fair, Alpha says "Programming skills are optional with Alpha v10" on their website, but every time I try to do something serious with it, I get into what I consider programming.
                      Yeah, I agree too. On the desktop you really can produce a sophisticated application w/o any programming using Alpha. But on the web, it's almost impossible. We're better off if we think of the WAS as a Web App Builder that, more or less, requires at least some programming skills.

                      but I've been watching this board for a long time and I see references to ulinks and protected session ids and so forth. That all looks like programming to me. I don't see anything in the web security controls that allow me to assign a user with any id.
                      As I'm sure you know, you can do this - from the desktop, published to the web. But to do it from the web, you have to hand code it yourself, yup. This is one of the single biggest stumbling blocks to new users wanting to build a web app - and it ain't easy if you're not a programmer type. And even good programmers who come to this the first time have to dig out all the web security functions, study how they work, figure out the logic to make them work, and then - figure out the logic and syntax on how to make it all work within the context of a grid, etc etc. Alpha's outdated documentation on this still refers to using an old fashioned dialog for web security (which many of the security functions were specifically designed to work with) and so on and so on. I'm with you Bill, it's not easy.

                      With Filemaker I design a desktop form, or choose one that's predesigned and pretty, stick it in a web folder, and it gets served up. Now that couldn't be easier.
                      It's funny that you say that. I have heard some FM guys say the same thing. You can take a desktop form (or whatever) and with one just-click, publish it to the web. Then I have heard other FM guys say that FM on the web is a piece of junk. Not being an FM guy, I'm a little confused. I assume that their are probably serious limitations on what yo can do with FM on the web, if not the desktop. Perhaps you could elaborate, Bill?
                      Peter
                      AlphaBase Solutions, LLC

                      Peter@AlphaBaseSolutions.com
                      https://www.alphabasesolutions.com


                      Comment


                      • #12
                        Re: Software as a Service (Saas) and Multi-tenant Architecture

                        Sure Peter. With Filemaker, you publish a desktop layout. Starting from scratch you can make say 5 fields, make a layout, put the fields on it, put that layout into a web folder and you're done. No more than 5 minutes from start to web. There are two ways to access it. One is with a full version of Filemaker Pro for about 300 bucks per seat. It gives you the same user experience as a desktop app. It's fmnet:/serverURL It's just as if you were using it on a LAN. On the other hand if you want users to access via a web browser, the look and feel changes, printing is a real bother, some scripts don't work. It's OK, and I have some people using it because they don't want to spend the 300 bucks, but it's not great. Here's a sample
                        http://72.45.168.163/fmi/iwp/cgi?-db=opti tracker&-startsession
                        Just login as a guest.
                        The two issues I have are, filemaker server is $1,000 and will allow filemaker pro clients. If you want people to access with a browser, you need filemaker server advanced and that's $3,000. So if you have a client with three computers in their office, that's $900 for their filemaker seats, or they can use the browser. But they can't print except printing a screen shot. Not acceptable for me. There is no way to filter tables in filemaker without doing a "find". Again, something I don't like. Servoy is like filemaker, is designed for saas, but is $300 per concurrent user. So you buy a license for 5 users, only 5 can be on at a time. Alpha will be the most cost effective solution and with it's ability to use the rtf editor and export a pdf, it will be just what I need, eventually. BTW, I'll only leave the sample up for today 6/19

                        Comment


                        • #13
                          Re: Software as a Service (Saas) and Multi-tenant Architecture

                          The real benefit of course is that you design only one form, whether for the desktop or the web.

                          Comment


                          • #14
                            Re: Software as a Service (Saas) and Multi-tenant Architecture

                            Bill, your site has the guest option disabled. Also, you get two error messages before the page initially loads.
                            Peter
                            AlphaBase Solutions, LLC

                            Peter@AlphaBaseSolutions.com
                            https://www.alphabasesolutions.com


                            Comment


                            • #15
                              Re: Software as a Service (Saas) and Multi-tenant Architecture

                              Hum...Are you getting to Opti tracker or Crime tracker? Crime Tracker has the guest disabled.
                              If you're going to the home page, you will only see Crime tracker available.

                              http://72.45.168.163/fmi/iwp/cgi?-db=opti tracker&-startsession

                              That should bypass the IWP screen
                              What errors are you getting?

                              Bill

                              Comment

                              Working...
                              X