Alpha Software Mobile Development Tools:   Alpha Anywhere    |   Alpha TransForm subscribe to our YouTube Channel  Follow Us on LinkedIn  Follow Us on Twitter  Follow Us on Facebook

Announcement

Collapse

The Alpha Software Forum Participation Guidelines

The Alpha Software Forum is a free forum created for Alpha Software Developer Community to ask for help, exchange ideas, and share solutions. Alpha Software strives to create an environment where all members of the community can feel safe to participate. In order to ensure the Alpha Software Forum is a place where all feel welcome, forum participants are expected to behave as follows:
  • Be professional in your conduct
  • Be kind to others
  • Be constructive when giving feedback
  • Be open to new ideas and suggestions
  • Stay on topic


Be sure all comments and threads you post are respectful. Posts that contain any of the following content will be considered a violation of your agreement as a member of the Alpha Software Forum Community and will be moderated:
  • Spam.
  • Vulgar language.
  • Quotes from private conversations without permission, including pricing and other sales related discussions.
  • Personal attacks, insults, or subtle put-downs.
  • Harassment, bullying, threatening, mocking, shaming, or deriding anyone.
  • Sexist, racist, homophobic, transphobic, ableist, or otherwise discriminatory jokes and language.
  • Sexually explicit or violent material, links, or language.
  • Pirated, hacked, or copyright-infringing material.
  • Encouraging of others to engage in the above behaviors.


If a thread or post is found to contain any of the content outlined above, a moderator may choose to take one of the following actions:
  • Remove the Post or Thread - the content is removed from the forum.
  • Place the User in Moderation - all posts and new threads must be approved by a moderator before they are posted.
  • Temporarily Ban the User - user is banned from forum for a period of time.
  • Permanently Ban the User - user is permanently banned from the forum.


Moderators may also rename posts and threads if they are too generic or do not property reflect the content.

Moderators may move threads if they have been posted in the incorrect forum.

Threads/Posts questioning specific moderator decisions or actions (such as "why was a user banned?") are not allowed and will be removed.

The owners of Alpha Software Corporation (Forum Owner) reserve the right to remove, edit, move, or close any thread for any reason; or ban any forum member without notice, reason, or explanation.

Community members are encouraged to click the "Report Post" icon in the lower left of a given post if they feel the post is in violation of the rules. This will alert the Moderators to take a look.

Alpha Software Corporation may amend the guidelines from time to time and may also vary the procedures it sets out where appropriate in a particular case. Your agreement to comply with the guidelines will be deemed agreement to any changes to it.



Bonus TIPS for Successful Posting

Try a Search First
It is highly recommended that a Search be done on your topic before posting, as many questions have been answered in prior posts. As with any search engine, the shorter the search term, the more "hits" will be returned, but the more specific the search term is, the greater the relevance of those "hits". Searching for "table" might well return every message on the board while "tablesum" would greatly restrict the number of messages returned.

When you do post
First, make sure you are posting your question in the correct forum. For example, if you post an issue regarding Desktop applications on the Mobile & Browser Applications board , not only will your question not be seen by the appropriate audience, it may also be removed or relocated.

The more detail you provide about your problem or question, the more likely someone is to understand your request and be able to help. A sample database with a minimum of records (and its support files, zipped together) will make it much easier to diagnose issues with your application. Screen shots of error messages are especially helpful.

When explaining how to reproduce your problem, please be as detailed as possible. Describe every step, click-by-click and keypress-by-keypress. Otherwise when others try to duplicate your problem, they may do something slightly different and end up with different results.

A note about attachments
You may only attach one file to each message. Attachment file size is limited to 2MB. If you need to include several files, you may do so by zipping them into a single archive.

If you forgot to attach your files to your post, please do NOT create a new thread. Instead, reply to your original message and attach the file there.

When attaching screen shots, it is best to attach an image file (.BMP, .JPG, .GIF, .PNG, etc.) or a zip file of several images, as opposed to a Word document containing the screen shots. Because Word documents are prone to viruses, many message board users will not open your Word file, therefore limiting their ability to help you.

Similarly, if you are uploading a zipped archive, you should simply create a .ZIP file and not a self-extracting .EXE as many users will not run your EXE file.
See more
See less

Question on Dialog Object variables

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Question on Dialog Object variables

    Are contents of a object variable set through setStateInfo.myvar secure?

    By secure, I mean can you see the variable and content through something like Firebug.

    As I move more into client side processing and mobile setups I find that I am using client side javascript functions to control security. In taking this approach I use certain variables as keys to control processing/access. It's therefore important that these keys are secure and not visible through inspection tools like Firebug.

    Thanks
    Tom

    #2
    Re: Question on Dialog Object variables

    Originally posted by Tbrondolo View Post
    Are contents of a object variable set through setStateInfo.myvar secure?

    By secure, I mean can you see the variable and content through something like Firebug.

    As I move more into client side processing and mobile setups I find that I am using client side javascript functions to control security. In taking this approach I use certain variables as keys to control processing/access. It's therefore important that these keys are secure and not visible through inspection tools like Firebug.

    Thanks
    Tom
    All javascript sent to the client can be inspected with tools like Firebug. Security applied client-side via javascript is less secure than applied server-side with xbasic. Any client-side code (javascript) can be accessed and modified on the client. If you have scripts or logic that should not be accessible by the client, that processing should be done on the server.
    Sarah Mitchell
    Director of Customer Success | [URL="https://www.alphasoftware.com"]Alpha Software Corporation[/URL]
    [B]Get in the know! [/B] Join us for our Weekly Webinars: [URL="https://www.alphasoftware.com/weekly-transform-tuesday-webinar"]TransForm Tuesday[/URL] and [URL="https://www.alphasoftware.com/weekly-alpha-anywhere-overview-webinar"]Wednesday's Alpha Anywhere Demo and Q&A[/URL]
    Connect with us: [URL="https://www.instagram.com/alpha_software_corp/"]Instagram[/URL] | [URL="https://twitter.com/AlphaSoftware"]Twitter[/URL] | [URL="https://www.facebook.com/AlphaSoftware/"]Facebook[/URL] | [URL="https://www.linkedin.com/company/alpha-software"]LinkedIn[/URL] | [URL="https://www.youtube.com/user/AlphaSoftwareInc"]YouTube[/URL]

    Comment


      #3
      Re: Question on Dialog Object variables

      Hi Sarah,

      Thanks for the response. The specific issue I'm having is with a disconnected mobile UX component. I'm finding that if I use sever side security to show/hide a button that that after login the button will not render on the UX after a login by the user and therefore not work. So I've been looking for alternate methods to control access to the script that would run in javascript from the button. I can move the sensitive stuff to the server and validate the user credentials from there.

      Tom

      Comment


        #4
        Re: Question on Dialog Object variables

        Originally posted by Tbrondolo View Post
        Hi Sarah,

        Thanks for the response. The specific issue I'm having is with a disconnected mobile UX component. I'm finding that if I use sever side security to show/hide a button that that after login the button will not render on the UX after a login by the user and therefore not work. So I've been looking for alternate methods to control access to the script that would run in javascript from the button. I can move the sensitive stuff to the server and validate the user credentials from there.

        Tom
        I assume you are using the Integrated Login functionality for the UX Component? Do your users have to have a connection to login? If so, you can force a reload of the UX Component after login in the onLogin event with the following code:
        Code:
        e.url = "<thisComponent>"
        This information, unfortunately, is still only found in the Release notes. We're still working through all of the release notes for every Release to integrate them into the documentation system. I'll be updating the onLogin event with this info. You can find doc for the onLogin event here: https://www.alphasoftware.com/docume...search=onlogin

        You can certainly do this with javascript and state variables. Provided you understand the risks of putting code client side to show-hide controls/interfaces that should only be accessible if you're logged in or have sufficient privileges to access, then this should not be an issue for you. Security is tricky business in an offline environment since you don't have access to the Alpha Anywhere Application Server where authentication and authorization actions are verified.

        If you are able to re-work your design such that security on indivual controls is not required (rather, pushed to the component level or done using client-side show/hide statements), then you can take advantage of pre-rendered UX components to improve performance in your applications. While it may be beneficial to completely strip out interface elements before sending a component to the client, computing a UX Component's layout via server-side show/hide expressions and Security restrictions can negatively impact performance.
        Sarah Mitchell
        Director of Customer Success | [URL="https://www.alphasoftware.com"]Alpha Software Corporation[/URL]
        [B]Get in the know! [/B] Join us for our Weekly Webinars: [URL="https://www.alphasoftware.com/weekly-transform-tuesday-webinar"]TransForm Tuesday[/URL] and [URL="https://www.alphasoftware.com/weekly-alpha-anywhere-overview-webinar"]Wednesday's Alpha Anywhere Demo and Q&A[/URL]
        Connect with us: [URL="https://www.instagram.com/alpha_software_corp/"]Instagram[/URL] | [URL="https://twitter.com/AlphaSoftware"]Twitter[/URL] | [URL="https://www.facebook.com/AlphaSoftware/"]Facebook[/URL] | [URL="https://www.linkedin.com/company/alpha-software"]LinkedIn[/URL] | [URL="https://www.youtube.com/user/AlphaSoftwareInc"]YouTube[/URL]

        Comment


          #5
          Re: Question on Dialog Object variables

          When I used the e.url it was reloading the component and buttons that were hidden with DialogIsloggedIn = true/false were not responding correctly.

          I did find a solution for list controls which is the main issue I was having. I am now using the ServersideQuery event and e.authorized. This allows me to have the list control rendered in the UX without security and then when the user is logged in they can pull down the data and it will remain in the client. But when the uX is not logged in it will prevent the list from populating or from someone manipulating a control to cause a refresh of the data.

          Comment

          Working...
          X