Using FMPro 6 and CDML code to retreive a file by the Web, how can I fix the
code in order that a user cannot access a file without giving the EXACT value
contained in a field of the database.

For example, I have a field named CODE with 8 characters (ex.: AB678XY2).
Using a form action and a text field, actually the user may enter something like
AB* to retreive a file where the code begin with "AB".

What I want is that the user must enter the complete content of the code field
to access the file. I cannot use the code:
<input type="hidden" name="-Op" value="eq">
neither
<input type="hidden" name="-Op" value="bw">
<input type="text" value="==">

because the I use a field name instead of a fixed content
<input type="text" name="Code" value=""
in the form...

Someone can help me?

Paul Patenaude wrote:

Your method wouldn't work also for the fact that a user can craft their
own url by looking at the source.

Look at the Web Security database - I believe you can put an "exact"
find restriction on specific fields in the table. If the user doesn't
specify it exactly, they get an error.

"Paul Patenaude" <ppat2000 (AT) yahoo (DOT) com> wrote

If it needs to be that exact and secure, then CDML has some limitations.
Now, what is the actual problem if they retrieve a larger set? Why is it an
issue?

Cos there are other ways to restrict sets - and Kevin is right, exact match
may be one of them in the Web Sec database... but there are more, depending
on what you are really trying to do.

Webko

Tim 'Webko' Booth wrote:
say "J89AB123" or "J34DF057"... Then if a user want to access his own file
using a code made of jokers like *89AB*, he will retreive a lot of files that
does not belong to him and might contain personal informations... That's why!

So what I am looking for is the equivalent of making a search in a FM database
using an exact match code in a field like ="J34DF057" but using a field
description with CDML.