Alpha Software Mobile Development Tools:   Alpha Anywhere    |   Alpha TransForm subscribe to our YouTube Channel  Follow Us on LinkedIn  Follow Us on Twitter  Follow Us on Facebook

Announcement

Collapse

The Alpha Software Forum Participation Guidelines

The Alpha Software Forum is a free forum created for Alpha Software Developer Community to ask for help, exchange ideas, and share solutions. Alpha Software strives to create an environment where all members of the community can feel safe to participate. In order to ensure the Alpha Software Forum is a place where all feel welcome, forum participants are expected to behave as follows:
  • Be professional in your conduct
  • Be kind to others
  • Be constructive when giving feedback
  • Be open to new ideas and suggestions
  • Stay on topic


Be sure all comments and threads you post are respectful. Posts that contain any of the following content will be considered a violation of your agreement as a member of the Alpha Software Forum Community and will be moderated:
  • Spam.
  • Vulgar language.
  • Quotes from private conversations without permission, including pricing and other sales related discussions.
  • Personal attacks, insults, or subtle put-downs.
  • Harassment, bullying, threatening, mocking, shaming, or deriding anyone.
  • Sexist, racist, homophobic, transphobic, ableist, or otherwise discriminatory jokes and language.
  • Sexually explicit or violent material, links, or language.
  • Pirated, hacked, or copyright-infringing material.
  • Encouraging of others to engage in the above behaviors.


If a thread or post is found to contain any of the content outlined above, a moderator may choose to take one of the following actions:
  • Remove the Post or Thread - the content is removed from the forum.
  • Place the User in Moderation - all posts and new threads must be approved by a moderator before they are posted.
  • Temporarily Ban the User - user is banned from forum for a period of time.
  • Permanently Ban the User - user is permanently banned from the forum.


Moderators may also rename posts and threads if they are too generic or do not property reflect the content.

Moderators may move threads if they have been posted in the incorrect forum.

Threads/Posts questioning specific moderator decisions or actions (such as "why was a user banned?") are not allowed and will be removed.

The owners of Alpha Software Corporation (Forum Owner) reserve the right to remove, edit, move, or close any thread for any reason; or ban any forum member without notice, reason, or explanation.

Community members are encouraged to click the "Report Post" icon in the lower left of a given post if they feel the post is in violation of the rules. This will alert the Moderators to take a look.

Alpha Software Corporation may amend the guidelines from time to time and may also vary the procedures it sets out where appropriate in a particular case. Your agreement to comply with the guidelines will be deemed agreement to any changes to it.



Bonus TIPS for Successful Posting

Try a Search First
It is highly recommended that a Search be done on your topic before posting, as many questions have been answered in prior posts. As with any search engine, the shorter the search term, the more "hits" will be returned, but the more specific the search term is, the greater the relevance of those "hits". Searching for "table" might well return every message on the board while "tablesum" would greatly restrict the number of messages returned.

When you do post
First, make sure you are posting your question in the correct forum. For example, if you post an issue regarding Desktop applications on the Mobile & Browser Applications board , not only will your question not be seen by the appropriate audience, it may also be removed or relocated.

The more detail you provide about your problem or question, the more likely someone is to understand your request and be able to help. A sample database with a minimum of records (and its support files, zipped together) will make it much easier to diagnose issues with your application. Screen shots of error messages are especially helpful.

When explaining how to reproduce your problem, please be as detailed as possible. Describe every step, click-by-click and keypress-by-keypress. Otherwise when others try to duplicate your problem, they may do something slightly different and end up with different results.

A note about attachments
You may only attach one file to each message. Attachment file size is limited to 2MB. If you need to include several files, you may do so by zipping them into a single archive.

If you forgot to attach your files to your post, please do NOT create a new thread. Instead, reply to your original message and attach the file there.

When attaching screen shots, it is best to attach an image file (.BMP, .JPG, .GIF, .PNG, etc.) or a zip file of several images, as opposed to a Word document containing the screen shots. Because Word documents are prone to viruses, many message board users will not open your Word file, therefore limiting their ability to help you.

Similarly, if you are uploading a zipped archive, you should simply create a .ZIP file and not a self-extracting .EXE as many users will not run your EXE file.
See more
See less

Link a personnel table to security tables

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Re: Link a personnel table to security tables

    I am a lost ball in hig weeds on this. The ulink field is character field length of 40, and the userid is a character field length of 60.
    When i run the A5ws_GetCurrentUser Function, it return the users email address.
    So where is the difference, besides the field names, and am i supposed to use this as the unique id (primary id) and also have a character field in each related child with a length of 60?

    What about when the users email changes?

    Wouldn't using a numerical, auto increment field as the primary id be preferred, which is also preferred in SQL?

    Of course i may be completely mis-understanding this to begin with.
    J.R.
    Epigate Software, LLC.

    [email protected]
    http://www.epigate.com
    sigpic

    Comment


    • #17
      Re: Link a personnel table to security tables

      Userid and the password is just used to identify your user. And when success in Login you use this userID to map your user to your external userdatatable(s). In this externaluserdatatable(s) you can have whateveruniquedata you use further to extact data in other tables(using session variables) .

      As you pointed out email address can change so maybe you should not use it as userid. Maybe you should use just an ordinary "username" and save users email address to your externaluserdatatable where it can be changed easily. This is just question of design.

      I put this other way. In your externaldatatable is a whateveruniquedatafield. Do not copy this data anymore to security ULINK-field because this field will not be available anymore when using IIS.

      Comment


      • #18
        Re: Link a personnel table to security tables

        And just to be contraire, you still can use ulink, for now and forever, as long as you call it from your external user's table and not from the security tables.
        Peter
        AlphaBase Solutions, LLC

        [email protected]
        https://www.alphabasesolutions.com


        Comment


        • #19
          Re: Link a personnel table to security tables

          I am still kicking this dead horse.

          Lenny, I read the link you posted, and it says:

          "Ulink Field"
          "The ulink field is unique to the Alpha Five server security system. The IIS security does not have an equivalent field. Therefore it is recommended to add a UserName (UserId) field to every external table that has user data and save the security UserId in that field. Discontinue the use of the ulink field as it will not be available when running on IIS.

          The current UserName (UserId) can be obtained by the A5ws_GetCurrentUser Function and can then be used to find any record in an external database table with a matching UserName. (Don't forget to index this field for efficiency.)"

          I am trying not to say this in a negative manner, because i may be missing a piece if vital information, but the user ID is an email address, which can change, so why is Alpha recommending this approach?
          J.R.
          Epigate Software, LLC.

          [email protected]
          http://www.epigate.com
          sigpic

          Comment


          • #20
            Re: Link a personnel table to security tables

            Originally posted by J.R. Noe View Post
            but the user ID is an email address, which can change, so why is Alpha recommending this approach?
            I don't know where your idea is from that UserID has to be an email address. Alpha is recommending using UserID because that is the only field available in security to use. It would be very odd if they were recommending using password as a link value.

            Comment


            • #21
              Re: Link a personnel table to security tables

              Ken, thanks for responding. As i said, i may be off base here, but If I run the "A5ws_GetCurrentUser" function, it returns an email address, so that is where the idea came from.
              Maybe, and i will have to consult with Steve Wood on this, but i am using the AlphaTopGo template and the user_id field is setup as an email address, but I assumed that
              it is set up the same way.

              I have created many applications, but have never used any field that has the remote possibility of ever chaging, as a linking field, so that is my concern. Right now i can use the ulink and filter all my grids and dialogs
              but i am trying to prevent a future issue when the IIS change is implemented.

              After reading my comment, it may have sounded "anti-Alpha" and like i was questioning their process, but it was not meant to be.
              J.R.
              Epigate Software, LLC.

              [email protected]
              http://www.epigate.com
              sigpic

              Comment


              • #22
                Re: Link a personnel table to security tables

                I have been thinkinh Bout this myself. I have a resource table with an integer as key. Not everyone in the resource table is a user so not all of them will be linked to a security table (and have a user-id) but all have to be treated equally in the application.

                My question is if I can add a "userid" column to my resource table and link that to the security tables. When logging in I will still connect to the resource table and get the resourceID so it can be used throughout the application.

                Would this meet the new security criteria?

                Robert

                Comment


                • #23
                  Re: Link a personnel table to security tables

                  Email addresses can and do change frequently. This makes them a very poor choice for usernames in most applications. Note that this message board does not use your email address as your username, Amazon doesn't, your online banking very likely doesn't, and I strongly suggest you do not use email addresses for usernames either.

                  That said, Alpha customers have asked for the ability to use email addresses as usernames, so it is possible to do so.

                  a5ws_GetCurrentUser() returns the username. It is not returning an email address, though if it returns what appears to be an email address, then either your security framework is configured to use email addresses, or your user supplied one as their username anyway.

                  Lenny Forziati
                  Vice President, Internet Products and Technical Services
                  Alpha Software Corporation

                  Comment


                  • #24
                    Re: Link a personnel table to security tables

                    Thanks Lenny, I think the issue may lie with the fact that the ATG template uses an email address in the userid field. I assumed that was an Alpha wide practice, but apparently not. I have posted a message to Steve on the ATG message board. I am sure he can point me in the right direction, he certainly has many times in the past.
                    I am sorry to have been so confusing to everyone. Ken, your response makes much more sense now too.
                    What i do not want to happen, is break the ATG templates self-registration function, since that is very important to me. The template has saved me many hours and i do not want to lose any of the functionality, but i also need to resolve this issue.

                    I know i cannot be the only one with this problem, and i am sure once the IIS solution is implemented, there will be a mad dash to make the changes. I just would rather do it as i am creating it now as opposed to re-inventing the wheel.

                    Thanks Lenny
                    J.R.
                    Epigate Software, LLC.

                    [email protected]
                    http://www.epigate.com
                    sigpic

                    Comment


                    • #25
                      Re: Link a personnel table to security tables

                      Even though email addresses change, the vast majority of web applications use email address as their username. You can take an inventory of the places you have registered.

                      It would be time consuming but not be difficult to change the ATG Framework to use a non-email address username, but I have not gotten to it because email-address usernames are the norm and no one has ever asked for anything different since I first issued the Framework.

                      This list probably covers 95% of what is needed, for sure the self-registration:
                      • Toggle the Security Framework to use a value for username
                      • Add EmailAddress to web_users table
                      • Edit the wt_users_reg component to ask for Username and also Email Address, and stop it from validating the UserId field as an email address. Change the AfterValidate to insert EmailAddress in addition to UserId in to the web_users table. Also alter the code to send the email to the EmailAddress, rather than the UserID.
                      • Alter security framework code on the regconfirm.a5w page just before a5ws_save_webuser_values() to not assume UserId is also the EmailAddress. Also, it sends the confirmation email to the UserID, and that would need to chagne to EmailAddress.


                      less important but in addition, retrofit:
                      • wt_user_add component
                      • wt_users_email component
                      • wt_users component to show EmailAddress as well as UserId
                      Steve Wood
                      Join the ALPHA DEVELOPERS NETWORK
                      There is no Cloud. It's just someone else's computer.
                      Web - Mobile - Hosting - Products - Frameworks - Developer Resources
                      AlphaToGo | IADN (100% Alpha Anywhere Websites)

                      Comment


                      • #26
                        Re: Link a personnel table to security tables

                        I have been trying to do it myself, but each time i do, something breaks, like the self-registration, email or something.
                        I greatly appreciate your offer, and if you can fit it into your schedule, that would probably be the only way it is ever going to get resolved.

                        I do not want to lose the ATG templates function, but i really need to make the user id a numeric value. I have and app that is going to be going live with one agency very soon and i would like to have it done by then, so all 250 users can register with a non-email user name, but if not i can make the adjustment later.

                        I really appreciate the offer, and i will try it one more time today to do it, but i am not putting much hope into it.

                        Thanks Steve

                        -J.R.
                        J.R.
                        Epigate Software, LLC.

                        [email protected]
                        http://www.epigate.com
                        sigpic

                        Comment

                        Working...
                        X