frustrated newbie still can't get records to display at all in her first solution

I'm trying to create my very first solution using Lasso. I have a database online via FM Pro Advanced 8.5 and PIS hosting, finally got Lasso to recognize my tables/layouts in FM Pro via the snapshot, and now I used the Lasso Site Builder to create a simple site.

Every record in my db represents a person who has a profile, and I wanted those persons to be able to log in and see their profile and update it using their (individual, everyone has a different set) usernames and passwords. I wanted them to be able to enter both, then be taken to their profile after hitting the submit button.

So, the first time I tried this, I created a search page with those fields on it, both the username and password. I entered what I knew to be some valid choices that matched both those fields on one record, pressed enter, got this error:

An error has occurred. (-9961 No permission) No Records Found

OK, sooooo . . . I thought maybe I hadn't configured my permissions correctly in Lasso, since the error had the word "permission" in it. I had added some stuff since I originally configured that. (I hear permissions problems are common, so I figured, of course, I must experience them too, obviously.) So I went into Lasso Admin/Security/Tables and configured Any User to have the ability to show, search and update All Tables and All Databases. (I denied them the ability to add records and delete records, just in case that's relevant, because I'm going to do that semi-manually unrelated to coding it in Lasso, just via FM Remote.)

So I entered my data again, and now I get this error:

An error has occurred. (-1728 FileMaker Server Advanced returned an error.) No Records Found

I know the things I entered were valid, but just to make sure, I entered a few more. Same deal.

I know records with the search parameters are in there. I see them via FM Remote. I copied and pasted exactly. What am I doing wrong now? The data entered for those items, there are periods and numbers in there along with letters, but nothing else, all alphanumeric EXCEPT for periods. Surely numbers aren't disallowed. Are periods?

Or, more likely, I'm just missing something else entirely?

Trying to do anything with Lasso makes me feel like a complete and total fool, but I'm still working on it . . . sigh.

Feedback extremely appreciated!

Ramona

-- This list is a free service of LassoSoft: http://www.LassoSoft.com/ Search the list archives: http://www.ListSearch.com/Lasso/Browse/ Manage your subscription: http://www.ListSearch.com/Lasso/ |
|
|
Re: frustrated newbie still can't get records to display at all in her first solution

Don't despair just yet.

It sounds like Lasso isn't seeing the FM database via the Lasso database connector. The other more seasoned Lasso people lurking around here will be glad to point you in the right direction.

I wish I could help, but I'm a hibernating Lasso developer. I don't have my Lasso database stuff in my head nowadays.

jp |
|
|
Re: frustrated newbie still can't get records to display at all in her first solution

Thanks for your reply, jp.

On 7/20/08 4:12 PM, "joudnike@..." <joudnike@...> wrote:

> Don't despair just yet.

Every time I think I'm almost done, another problem crops up, all fairly mysterious to me. :(

<cue violins now, I know>

> It sounds like Lasso isn't seeing the FM database via the Lasso database connector.

I have no idea. I don't know what to do about that, or even how to check. I thought I was done configuring/turning on everything already. ?? Lasso is definitely seeing the FM database via the Lasso Snapshot in Adobe GoLive CS2. (That was my last problem, but it's fixed now.) I know for sure (er, at least, as sure as I can be about any of this), because I modified a table/layout, refreshed the snapshot, and the changes appeared in the refreshed snapshot.

It's definitely there in Lasso Site Admin too.

FM Remote works.

I also had an email conversation with John from PIS not too long ago, detailed everything that I had configured and asked if I was leaving anything out, and he said no.

> The other more seasoned Lasso people lurking around here will be glad to point you in the right direction.

That would be totally lovely. Anyone? Please, with sugar? :)

(because it would seem I am right direction free at the moment)

> I wish I could help, but I'm a hibernating Lasso developer. I don't have my Lasso database stuff in my head nowadays.
>
> jp |
|
|
Re: frustrated newbie still can't get records to display at all in her first solution

Hi Ramona,

I would not recommend opening up your web solution to "anyuser", as it has the potential to open a security hole, allowing virtually any user to view or manipulate your data, depending on how open you set your database permissions.

I would recommend taking some time to read about database permissions in the Lasso Setup Guide, Chapters 13 and 14, "Setting Up Data Sources" and "Setting Up Security", respectively. As a newbie, it took me about 3 or 4 passes over this documentation until it finally clicked, specifically that first one grants permission to Lasso to access a resource (your database), then one creates a group with users and assigns the group to that resource. It will help you understand the scope of database permissions, including hosts, groups, users, databases, tables, and tag permissions.

/Applications/Lasso Professional 8/Documentation/2 - Setup Guide/Lasso 8.5 Setup Guide.pdf

For the programming specifics, it would be very helpful if you were to provide a code sample (obscuring any usernames and passwords), so that we know exactly how you have tried to implement what you want to do.

Finally, check out this resource about how to authenticate users. I found it to be a tremendous help when learning how to keep users logged in to my solutions.

http://www.douglasburchard.com/LockIt5/

Hope this helps.

--steve

On Sunday, July 20, 2008, ramonarock@... (Ramona Rock) pronounced:

> I'm trying to create my very first solution using Lasso. I have a database online via FM Pro Advanced 8.5 and PIS hosting, finally got Lasso to recognize my tables/layouts in FM Pro via the snapshot, and now I used the Lasso Site Builder to create a simple site.
>
> Every record in my db represents a person who has a profile, and I wanted those persons to be able to log in and see their profile and update it using their (individual, everyone has a different set) usernames and passwords. I wanted them to be able to enter both, then be taken to their profile after hitting the submit button.
>
> So, the first time I tried this, I created a search page with those fields on it, both the username and password. I entered what I knew to be some valid choices that matched both those fields on one record, pressed enter, got this error:
>
> An error has occurred. (-9961 No permission) No Records Found
>
> OK, sooooo . . . I thought maybe I hadn't configured my permissions correctly in Lasso, since the error had the word "permission" in it. I had added some stuff since I originally configured that. (I hear permissions problems are common, so I figured, of course, I must experience them too, obviously.) So I went into Lasso Admin/Security/Tables and configured Any User to have the ability to show, search and update All Tables and All Databases. (I denied them the ability to add records and delete records, just in case that's relevant, because I'm going to do that semi-manually unrelated to coding it in Lasso, just via FM Remote.)
>
> So I entered my data again, and now I get this error:
>
> An error has occurred. (-1728 FileMaker Server Advanced returned an error.) No Records Found
>
> I know the things I entered were valid, but just to make sure, I entered a few more. Same deal.
>
> I know records with the search parameters are in there. I see them via FM Remote. I copied and pasted exactly. What am I doing wrong now? The data entered for those items, there are periods and numbers in there along with letters, but nothing else, all alphanumeric EXCEPT for periods. Surely numbers aren't disallowed. Are periods?
>
> Or, more likely, I'm just missing something else entirely?
>
> Trying to do anything with Lasso makes me feel like a complete and total fool, but I'm still working on it . . . sigh.
>
> Feedback extremely appreciated!
> Ramona

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Steve Piercy Web Site Builder Soquel, CA
<web@...> <http://www.StevePiercy.com/> |
|
|
(SOLVED, I think!) Re: frustrated newbie still can't get records to display at all in her first solution

I'm shocked. I'm amazed. I think I actually solved a problem here!

In tables, group permissions, under the pulldown menu for Lasso Connector for Filemaker SA, under the PIS listing for host, with the database name selected in that menu, the status for the table was enabled but after clicking on that name for table detail, the pulldown menus for search and update records were not enabled for that table. Just the database and the user group, not the table. I thought for sure I'd enabled all that already, but I guess I just did it for the database and the user set, and forgot about the table. At least in that pulldown menu for the connector. I could swear I'd enabled it about 70 other places, but I guess, not there.

I'm crossing my fingers. Is anything else wrong, or did I just fix this?

Shocking. :)

Thanks again for your input!

Ramona.

On 7/20/08 5:05 PM, "ramonarock@..." <ramonarock@...> wrote:

> Thanks for your reply, jp.
>
> On 7/20/08 4:12 PM, "joudnike@..." <joudnike@...> wrote:
>
>> Don't despair just yet.
>
> Every time I think I'm almost done, another problem crops up, all fairly mysterious to me. :(
>
> <cue violins now, I know>
>
>> It sounds like Lasso isn't seeing the FM database via the Lasso database connector.
>
> I have no idea. I don't know what to do about that, or even how to check. I thought I was done configuring/turning on everything already. ?? Lasso is definitely seeing the FM database via the Lasso Snapshot in Adobe GoLive CS2. (That was my last problem, but it's fixed now.) I know for sure (er, at least, as sure as I can be about any of this), because I modified a table/layout, refreshed the snapshot, and the changes appeared in the refreshed snapshot.
>
> It's definitely there in Lasso Site Admin too.
>
> FM Remote works.
>
> I also had an email conversation with John from PIS not too long ago, detailed everything that I had configured and asked if I was leaving anything out, and he said no.
>
>> The other more seasoned Lasso people lurking around here will be glad to point you in the right direction.
>
> That would be totally lovely. Anyone? Please, with sugar? :)
>
> (because it would seem I am right direction free at the moment)
>
>> I wish I could help, but I'm a hibernating Lasso developer. I don't have my Lasso database stuff in my head nowadays.
>>
>> jp |
|
|
Re: frustrated newbie still can't get records to display at all in her first solution

Thanks for your input again (you've helped me before), Steve. :)

On 7/20/08 5:30 PM, "Web@..." <Web@...> wrote:

> Hi Ramona,
>
> I would not recommend opening up your web solution to "anyuser", as it has the potential to open a security hole, allowing virtually any user to view or manipulate your data, depending on how open you set your database permissions.

Yes, I have read that that is the case. I will peruse (re-peruse, actually, read it once or twice already) the documentation you recommended and take a look at the additional link you recommended, but my database doesn't feature any information anywhere in it that it would be any kind of SERIOUS problem if someone did get in. No identity-theft-y, credit-card-y, medical record-y . . . nothing like that here. Not even phone numbers or home addresses. I was thinking the way I had it set up, they can't view records unless they can enter a userID and password that actually is in the database.

I guess I'm wondering, if it's information that's not really what the vast majority of folks would call sensitive in the first place, and no one perusing the site would imagine there's anything really good (credit card numbers, probably) to get potentially hacked out of there to begin with even if they were successful in hacking me . . . how secure does that really need to be?

It seems to me the very worst thing that could happen is that if someone were to "manipulate my data" (sounds so ominous when you put it like that), they could get the email addresses of the folks that had signed up for my site, and then I guess, spam them. I wouldn't want that to happen, no. But if that's the most sensitive thing in there, how secure do I really need to make this? No, I wouldn't want my users to get any more spam because of my site, but, I guess I have to say, not totally tragic either. I get so much spam at all my email accounts I wouldn't even notice the difference.

Again, did read the docs and can go read again, but after my first or second pass over that info I thought perhaps that aspect wasn't so much of a big deal for me since again, my data = not so sensitive, so I didn't really hone in on worrying about that.

Is anything else terrible likely to happen?

If you or anyone else has another opinion you'd care to share on security for non-sensitive information apart from the docs, I'd be more than happy to consider that. :)

> I would recommend taking some time to read about database permissions in the Lasso Setup Guide, Chapters 13 and 14, "Setting Up Data Sources" and "Setting Up Security", respectively. As a newbie, it took me about 3 or 4 passes over this documentation until it finally clicked, specifically that first one grants permission to Lasso to access a resource (your database), then one creates a group with users and assigns the group to that resource. It will help you understand the scope of database permissions, including hosts, groups, users, databases, tables, and tag permissions.
>
> /Applications/Lasso Professional 8/Documentation/2 - Setup Guide/Lasso 8.5 Setup Guide.pdf
>
> For the programming specifics, it would be very helpful if you were to provide a code sample (obscuring any usernames and passwords), so that we know exactly how you have tried to implement what you want to do.
>
> Finally, check out this resource about how to authenticate users. I found it to be a tremendous help when learning how to keep users logged in to my solutions.
>
> http://www.douglasburchard.com/LockIt5/
>
> Hope this helps.
>
> --steve
>
> On Sunday, July 20, 2008, ramonarock@... (Ramona Rock) pronounced:
>
>> I'm trying to create my very first solution using Lasso. I have a database online via FM Pro Advanced 8.5 and PIS hosting, finally got Lasso to recognize my tables/layouts in FM Pro via the snapshot, and now I used the Lasso Site Builder to create a simple site.
>>
>> Every record in my db represents a person who has a profile, and I wanted those persons to be able to log in and see their profile and update it using their (individual, everyone has a different set) usernames and passwords. I wanted them to be able to enter both, then be taken to their profile after hitting the submit button.
>>
>> So, the first time I tried this, I created a search page with those fields on it, both the username and password. I entered what I knew to be some valid choices that matched both those fields on one record, pressed enter, got this error:
>>
>> An error has occurred. (-9961 No permission) No Records Found
>>
>> OK, sooooo . . . I thought maybe I hadn't configured my permissions correctly in Lasso, since the error had the word "permission" in it. I had added some stuff since I originally configured that. (I hear permissions problems are common, so I figured, of course, I must experience them too, obviously.) So I went into Lasso Admin/Security/Tables and configured Any User to have the ability to show, search and update All Tables and All Databases. (I denied them the ability to add records and delete records, just in case that's relevant, because I'm going to do that semi-manually unrelated to coding it in Lasso, just via FM Remote.)
>>
>> So I entered my data again, and now I get this error:
>>
>> An error has occurred. (-1728 FileMaker Server Advanced returned an error.) No Records Found
>>
>> I know the things I entered were valid, but just to make sure, I entered a few more. Same deal.
>>
>> I know records with the search parameters are in there. I see them via FM Remote. I copied and pasted exactly. What am I doing wrong now? The data entered for those items, there are periods and numbers in there along with letters, but nothing else, all alphanumeric EXCEPT for periods. Surely numbers aren't disallowed. Are periods?
>>
>> Or, more likely, I'm just missing something else entirely?
>>
>> Trying to do anything with Lasso makes me feel like a complete and total fool, but I'm still working on it . . . sigh.
>>
>> Feedback extremely appreciated!
>> Ramona
>
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> Steve Piercy Web Site Builder Soquel, CA
> <web@...> <http://www.StevePiercy.com/> |
|
|
Re: frustrated newbie still can't get records to display at all in her first solution

On Sunday, July 20, 2008, ramonarock@... (Ramona Rock) pronounced:

> I guess I'm wondering, if it's information that's not really what the vast majority of folks would call sensitive in the first place, and no one perusing the site would imagine there's anything really good (credit card numbers, probably) to get potentially hacked out of there to begin with even if they were successful in hacking me . . . how secure does that really need to be?

Well, only you can answer what risks are acceptable.

The actual content of your database may have little or no value to you or your users, but the integrity of your data may have considerable value.

Would it be terrible if someone deleted all your data? If someone replaced data with links to porn sites? Can you prevent user A from editing or viewing data from user B? What happens if you lose trust with your customers for protecting the integrity of their data, regardless of whether it is personal?

To be honest, it is trivial to implement basic security, so I just don't see the sense in arguing against doing it.

Greg Willits wrote an excellent article with code samples that really got me thinking about what level of security and preventative measures would be appropriate for my various projects. It refers to a second resource to which I refer periodically when I want to reacquaint myself with some security principles.

http://www.pageblocks.org/refc/refc_security
http://www.owasp.org/

I will admit, at first I was very resistant to implementing security because it was "too difficult", "not necessary", etc. In other words, I didn't know squat. Several years later, and after going through one disastrous hack incident myself and witnessing very serious attacks on colleagues' systems, I figured it would not be such a bad thing to learn how to improve my systems' level of security.

--steve

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Steve Piercy Web Site Builder Soquel, CA
<web@...> <http://www.StevePiercy.com/> |
|
|
Re: frustrated newbie still can't get records to display at all in her first solution

Steve Piercy - Web Site Builder wrote on 7/21/2008 3:39 AM:

> On Sunday, July 20, 2008, ramonarock@... (Ramona Rock) pronounced:
>
>> I guess I'm wondering, if it's information that's not really what the vast majority of folks would call sensitive in the first place, and no one perusing the site would imagine there's anything really good (credit card numbers, probably) to get potentially hacked out of there to begin with even if they were successful in hacking me . . . how secure does that really need to be?
>
> Well, only you can answer what risks are acceptable.
>
> The actual content of your database may have little or no value to you or your users, but the integrity of your data may have considerable value.

Part of my presentation at the Lasso Developers Conference will briefly go over the ways sites are monetized by cyber-criminals for profit. Here's an excerpt from my paper:

-----
MONETIZING YOUR WEBSITE

Before we get to the "how" of WebAppSec, we're first going to cover the "why"; why is your website a target? The short answer: money.

There is a belief among some that their little piece of the Internet is far too small and humble to be of any interest to cyber-criminals. And logically, it may be confusing to understand how your local volunteer soccer league website could be of any value to cyber-criminals. Really, how can a site that has no personal information to steal, no financial information to steal, and simply functions to display the results of soccer games generate an income for cyber-criminals? Most likely not even the site owner is generating revenue from the site!
-----

For the rest of it, come to LDC, it'll be a hoot: <http://www.lassosoft.com/Community/LDC/>

- Bil |
|
|
Re: frustrated newbie still can't get records to display at all in her first solution

On 7/21/08 1:39 AM, "Web@..." <Web@...> wrote:

> On Sunday, July 20, 2008, ramonarock@... (Ramona Rock) pronounced:
>
>> I guess I'm wondering, if it's information that's not really what the vast majority of folks would call sensitive in the first place, and no one perusing the site would imagine there's anything really good (credit card numbers, probably) to get potentially hacked out of there to begin with even if they were successful in hacking me . . . how secure does that really need to be?
>
> Well, only you can answer what risks are acceptable.
>
> The actual content of your database may have little or no value to you or your users, but the integrity of your data may have considerable value.
>
> Would it be terrible if someone deleted all your data? If someone replaced data with links to porn sites? Can you prevent user A from editing or viewing data from user B? What happens if you lose trust with your customers for protecting the integrity of their data, regardless of whether it is personal?
>
> To be honest, it is trivial to implement basic security, so I just don't see the sense in arguing against doing it.

OK, I'm feeling more and more convinced.

And you're right, I don't know squat.

Do you (or anyone else reading that would care to share) personally have an opinion as to what level of security would be appropriate for a project such as the one I described? (Let's say it was your project and your time, and you do care, but you weren't being paid by the hour.)

Or, perhaps more importantly, thinking along the lines that nothing is absolutely secure, but things certainly can become MORE secure, what would be the level of security appropriate to Lasso with what I've described here to keep someone from deleting all the data and/or replacing it with links to porn sites?

Which sort of Lasso security/security strategy would anyone that would care to comment implement here in this situation?

Well, just in case anyone was interested . . . I did already disallow Any User the ability to delete anything (only Search and Update). I was going to do the deleting manually myself, since I never have large numbers of UN-subscribers in any given week, so the time that would represent is less than 5 minutes. That was how I **THOUGHT** I was preventing anyone from deleting all my data.

However, I suspect others here have ideas about how that little strategy is insufficient, and I would like to hear that.

Thanks for your or anyone else's feedback!

Ramona |
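The following is an added example, not code from anyone in this thread and not from the LockIt or pageblocks resources linked above. It shows one answer to Steve's question ("Can you prevent user A from editing or viewing data from user B?") and to Ramona's question about what strategy to use: the record a visitor may read or update is bound to the session at login time, so the form can never name somebody else's record, and the pages run as a dedicated Lasso user with only Search and Update on the one table rather than as Any User. It assumes Lasso 8 LassoScript syntax; a database 'profiles' with a table (layout) 'people' holding 'username', 'password', 'email' and 'bio' fields; a Lasso security user 'webapp'; the session name 'profile_site'; the file names login.lasso and profile.lasso; and that the FileMaker record ID returned by KeyField_Value is accepted back as -KeyValue. All of those names are invented for the example. It compares the password field as stored, which is how the thread's database is set up; it does not add password hashing.

```lasso
<?LassoScript
  // login.lasso (assumed name) -- added example, not the thread's code.
  // Look the account up by username only and hold the find to one record.
  // The password the visitor typed is compared in code below; it is never
  // sent to FileMaker as a find criterion, so nothing typed into the password
  // box is interpreted as a find request.
  inline(-search,
         -username='webapp', -password='changeme',   // assumption: Lasso user with Search+Update on 'people' only
         -database='profiles',
         -table='people',
         -op='eq', 'username' = action_param('username'),
         -maxrecords=1);

    // Assumption: == is an exact match on this Lasso version; if your version
    // compares strings case-insensitively, use a case-sensitive comparison here.
    if(found_count == 1 && field('password') == action_param('password'));
      // Authenticated: remember the record ID, not the username the visitor typed.
      session_start(-name='profile_site', -expires=30);
      var('person_id' = keyfield_value);
      session_addvar(-name='profile_site', 'person_id');
      redirect_url('profile.lasso');
    else;
      // One message for both "no such user" and "wrong password".
      'Login failed.';
    /if;
  /inline;
?>

<?LassoScript
  // profile.lasso (assumed name) -- the record ID comes from the session,
  // never from the form, so user A cannot submit user B's ID.
  session_start(-name='profile_site', -expires=30);
  if(!var_defined('person_id') || $person_id == '');
    redirect_url('login.lasso');
  /if;

  if(action_param('save') != '');
    // Only the two editable fields are named; username and password cannot
    // be changed through this form, and no -Delete is ever issued.
    inline(-update,
           -username='webapp', -password='changeme',
           -database='profiles',
           -table='people',
           -keyvalue=$person_id,
           'email' = action_param('email'),
           'bio'   = action_param('bio'));
    /inline;
  /if;

  inline(-search,
         -username='webapp', -password='changeme',
         -database='profiles',
         -table='people',
         -keyvalue=$person_id);
    // Encode on output so a bio containing HTML is shown, not executed.
    '<p>Email: ' + encode_html(field('email')) + '</p>';
    '<p>Bio: '   + encode_html(field('bio'))   + '</p>';
  /inline;
?>
```

The point of the design is that every database action names the record by a value the visitor never supplied: the login page decides which record the session owns, and the profile page refuses to run without that session variable. Denying Delete in Lasso Security still matters (it limits what a bug in the pages can do), but on its own it does nothing to stop one logged-in user from updating another user's record, which is what the session binding above is for.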
|
|
Re: frustrated newbie still can't get records to display at all in her first solution

I make security a practice of coding. I don't give different levels of security to different projects. I try to be as vigilant as possible to protect against all the major types of attacks. If it becomes part of your practice, then you don't have to worry if you've done "enough" for this site versus that or having to upgrade one after a while. You just know that you've done the most you can for everything.

On 7/21/08 7:07 AM, "Ramona Rock" <ramonarock@...> wrote:

> On 7/21/08 1:39 AM, "Web@..." <Web@...> wrote:
>
>> On Sunday, July 20, 2008, ramonarock@... (Ramona Rock) pronounced:
>>
>>> I guess I'm wondering, if it's information that's not really what the vast majority of folks would call sensitive in the first place, and no one perusing the site would imagine there's anything really good (credit card numbers, probably) to get potentially hacked out of there to begin with even if they were successful in hacking me . . . how secure does that really need to be?
>>
>> Well, only you can answer what risks are acceptable.
>>
>> The actual content of your database may have little or no value to you or your users, but the integrity of your data may have considerable value.
>>
>> Would it be terrible if someone deleted all your data? If someone replaced data with links to porn sites? Can you prevent user A from editing or viewing data from user B? What happens if you lose trust with your customers for protecting the integrity of their data, regardless of whether it is personal?
>>
>> To be honest, it is trivial to implement basic security, so I just don't see the sense in arguing against doing it.
>
> OK, I'm feeling more and more convinced.
>
> And you're right, I don't know squat.
>
> Do you (or anyone else reading that would care to share) personally have an opinion as to what level of security would be appropriate for a project such as the one I described? (Let's say it was your project and your time, and you do care, but you weren't being paid by the hour.)
>
> Or, perhaps more importantly, thinking along the lines that nothing is absolutely secure, but things certainly can become MORE secure, what would be the level of security appropriate to Lasso with what I've described here to keep someone from deleting all the data and/or replacing it with links to porn sites?
>
> Which sort of Lasso security/security strategy would anyone that would care to comment implement here in this situation?
>
> Well, just in case anyone was interested . . . I did already disallow Any User the ability to delete anything (only Search and Update). I was going to do the deleting manually myself, since I never have large numbers of UN-subscribers in any given week, so the time that would represent is less than 5 minutes. That was how I **THOUGHT** I was preventing anyone from deleting all my data.
>
> However, I suspect others here have ideas about how that little strategy is insufficient, and I would like to hear that.
>
> Thanks for your or anyone else's feedback!
>
> Ramona |
|
|
Re: frustrated newbie still can't get records to display at all in her first solution

That's a great approach!

Shelane Enos wrote:

> I make security a practice of coding. I don't give different levels of security to different projects. I try to be as vigilant as possible to protect against all the major types of attacks. If it becomes part of your practice, then you don't have to worry if you've done "enough" for this site versus that or having to upgrade one after a while. You just know that you've done the most you can for everything.
>
> On 7/21/08 7:07 AM, "Ramona Rock" <ramonarock@...> wrote:
>
>> On 7/21/08 1:39 AM, "Web@..." <Web@...> wrote:
>>
>>> On Sunday, July 20, 2008, ramonarock@... (Ramona Rock) pronounced:
>>>
>>>> I guess I'm wondering, if it's information that's not really what the vast majority of folks would call sensitive in the first place, and no one perusing the site would imagine there's anything really good (credit card numbers, probably) to get potentially hacked out of there to begin with even if they were successful in hacking me . . . how secure does that really need to be?
>>>
>>> Well, only you can answer what risks are acceptable.
>>>
>>> The actual content of your database may have little or no value to you or your users, but the integrity of your data may have considerable value.
>>>
>>> Would it be terrible if someone deleted all your data? If someone replaced data with links to porn sites? Can you prevent user A from editing or viewing data from user B? What happens if you lose trust with your customers for protecting the integrity of their data, regardless of whether it is personal?
>>>
>>> To be honest, it is trivial to implement basic security, so I just don't see the sense in arguing against doing it.
>>
>> OK, I'm feeling more and more convinced.
>>
>> And you're right, I don't know squat.
>>
>> Do you (or anyone else reading that would care to share) personally have an opinion as to what level of security would be appropriate for a project such as the one I described? (Let's say it was your project and your time, and you do care, but you weren't being paid by the hour.)
>>
>> Or, perhaps more importantly, thinking along the lines that nothing is absolutely secure, but things certainly can become MORE secure, what would be the level of security appropriate to Lasso with what I've described here to keep someone from deleting all the data and/or replacing it with links to porn sites?
>>
>> Which sort of Lasso security/security strategy would anyone that would care to comment implement here in this situation?
>>
>> Well, just in case anyone was interested . . . I did already disallow Any User the ability to delete anything (only Search and Update). I was going to do the deleting manually myself, since I never have large numbers of UN-subscribers in any given week, so the time that would represent is less than 5 minutes. That was how I **THOUGHT** I was preventing anyone from deleting all my data.
>>
>> However, I suspect others here have ideas about how that little strategy is insufficient, and I would like to hear that.
>>
>> Thanks for your or anyone else's feedback!
>>
>> Ramona |
Re: frustrated newbie still can't get records to display at all in her first solution

I really don't think the few extra steps are that hard. Lasso makes it easy
to fight against certain kinds of attacks because of how the tags respond by
default. For example, outputting action_param('foo') will automatically encode
the html so you don't have cross-site scripting attacks. Where people get in
trouble is this:

    Var('foo' = action_param('foo'));
    $foo;

That won't encode html and any html submitted will be rendered by the browser -
not good.

I'm sure Bil's talk will go into more detail about the many other kinds of
attacks, ways to code against them and how Lasso tags *should* be used
appropriately.

On 7/21/08 11:05 AM, "Shelane Enos" <senos@...> wrote:

> I make security a practice of coding. I don't give different levels of
> security to different projects. I try to be as vigilant as possible to
> protect against all the major types of attacks. If it becomes part of your
> practice, then you don't have to worry if you've done "enough" for this site
> versus that or having to upgrade one after a while. You just know that
> you've done the most you can for everything.
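The encode-on-output versus copy-then-echo difference described in the reply above, reproduced in Python as an added example (this is not Lasso code and not from the original post). Python's `html.escape` stands in for the encoding Lasso applies when `action_param` is output directly; the function names and the submitted parameter values are constructed for illustration.

```python
import html

# Constructed request parameters, standing in for what a visitor's form
# submitted. The "foo" value is the usual probe for reflected cross-site
# scripting: if it reaches the browser unchanged, script runs.
SUBMITTED = {
    "name": "O'Brien & Sons",
    "foo": "<script>alert(1)</script>",
}


def action_param(name: str) -> str:
    """Raw parameter value as the framework stores it (never encoded here)."""
    return SUBMITTED.get(name, "")


def output_param(name: str) -> str:
    """Mirrors outputting action_param('foo') directly: the value is
    HTML-encoded at output time, so any markup in it becomes inert text.
    quote=True also encodes ' and " so the result is safe inside an
    attribute value, not just in element content."""
    return html.escape(action_param(name), quote=True)


def output_copied_var(name: str) -> str:
    """Mirrors  Var('foo' = action_param('foo')); $foo;  The raw value is
    copied into a local variable and echoed as-is, so whatever markup the
    visitor submitted is handed to the browser unchanged (the pitfall)."""
    foo = action_param(name)  # the copy loses the encode-on-output behaviour
    return foo


def output_copied_var_safe(name: str) -> str:
    """Corrected form of the pitfall: copying into a variable is fine, but
    the variable must be encoded at the point it is written into the page."""
    foo = action_param(name)
    return html.escape(foo, quote=True)


def contains_markup(rendered: str) -> bool:
    """Quick check over rendered output: does a raw tag delimiter survive?
    True means untrusted markup would reach the browser."""
    return "<" in rendered or ">" in rendered


if __name__ == "__main__":
    for fn in (output_param, output_copied_var, output_copied_var_safe):
        out = fn("foo")
        print(f"{fn.__name__:24} unsafe={contains_markup(out)!s:5} {out}")
```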