FoxInCloud
Beginners Questions
Beginners Questions
  codeSlinger
  All
  Oct 7, 2015 @ 03:00am
Intro: I've been a Fox Head since Fox Base but just looking at FIC. I'm located in Alabama, USA and I did consulting/Fox development on my own since 1988. I now have a package that I sell to county & city governments that manages risk, worker's comp, employee health concerns and property. I've also got a package for organic and sustainable farmers that manages all areas of production, produce, livestock, finances and can calculate profitability down to a square foot of area. That's about it on what I am doing now. I want to move both of these applications to the web and it looks like FIC can do that.

I don't want to be too much of a pest (a little is ok I hope), but I need
to get a few questions answered before I start investing time and money.

I have two apps that need to be very secure. Right now they are secure
because it, of course, is client/server.

1. What would your suggestion be for a very secure logon
2. For securing the dbf's or would they have to be converted to sql
3. What is the best/easiest way to make them multi-company

Thanks a lot,
Gary

Re: Beginners Questions
  FoxInCloud Support - Thierry N.
  codeSlinger
  Oct 7, 2015 @ 09:44pm
1. What would your suggestion be for a very secure logon

A FoxInCloud Web Application is also client/server:
- client: browser
- server: Web server connected to a Web application
- in between: Internet connection

Let's see how each piece can be secured using FoxInCloud, and against which threat:

Browser


- credentials theft: browser never stores data from <input type="password"> - FoxInCloud automatically maps any textbox with !empty(.passwordChar) as <input type="password">
- session hacking: never display credentials anywhere in the application; set session duration to a very short delay like 5 minutes - if user is inactive during that delay, session expires and user has to login again.

Internet connection


Use the 'secured http' protocol (https://..., encrypted) by installing an SSL certificate on your server(s), and limit access to your application to the https protocol - FoxInCloud supports this.

Server


FoxInCloud installs private and public material in 2 different places:
- application and VFP data: in program files\
- material that displays in the browser (site files such as HTML, JS, CSS, images, etc.): in inetpub\
Site files contain no personal data: just the structure where the data will take place.
For optimal security, FoxInCloud recommends creating a dedicated user (e.g. ficApp) and limiting access to the program files\ficApp\ folder to this user only (read, write, execute, etc.): server maintenance personnel have no access to this folder.
When installing the Web application in the Web server (e.g. IIS), create a dedicated application pool running under this ficApp account. Using the default 'run as launcher' COM option, the Web application, and thus your application, will run under this account and have access to the data.
Make sure your Web server runs as a virtual machine (VM) and back up the whole VM once a day, so that backup personnel do not access your data.

By default, after adaptation to FoxInCloud, each form in your application does not allow anonymous access - you need to explicitly authorize some forms like splash and login.

2. For securing the dbf's or would they have to be converted to sql

From the description above, you see that the dbfs are encapsulated in a folder structure that only the Web Application can access.
Of course your FoxInCloud Web Application can synchronize these data with a local, LAN VFP database (free or contained tables).

3. What is the best/easiest way to make them multi-company

Do the same as your desktop app: one app and database per client, and one Web Application site.
Whether the client-specific Web Applications run on a single server (or server pool) and/or on server(s) owned by your client(s) is another decision.
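
The server-side steps described in the reply above (dedicated account, folder restricted to that account, application pool running under it, HTTPS-only access), sketched as an added example that is not part of the original post and not FoxInCloud's own installer. The account name ficApp and the program files\ficApp\ folder come from the post; the pool name ficAppPool, the site name and the choice of Modify rights are assumptions, and the site is assumed to already have an https binding with a certificate.

```powershell
#Requires -RunAsAdministrator
# Added example: pool and site names below are hypothetical.
Import-Module WebAdministration

$account  = 'ficApp'                              # from the post
$appDir   = Join-Path $env:ProgramFiles 'ficApp'  # from the post
$poolName = 'ficAppPool'                          # hypothetical
$siteName = 'Default Web Site'                    # hypothetical

# 1. Dedicated local account for the Web application
$password = Read-Host -AsSecureString "Password for $account"
New-LocalUser -Name $account -Password $password `
    -Description 'Web application service account'

# 2. Remove inherited ACEs and leave a single explicit grant for the account.
#    (OI)(CI) propagates the grant to files and subfolders; M = Modify.
icacls $appDir /inheritance:r /grant:r "${account}:(OI)(CI)M"

# 3. Application pool running under that account (identityType 3 = SpecificUser).
#    IIS needs the clear-text password once, to store it in its configuration.
$plain = [System.Net.NetworkCredential]::new('', $password).Password
New-WebAppPool -Name $poolName
Set-ItemProperty "IIS:\AppPools\$poolName" -Name processModel `
    -Value @{ identityType = 3; userName = $account; password = $plain }
Remove-Variable plain

# 4. Refuse plain http for the site: require SSL on every request
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Location $siteName -Filter 'system.webServer/security/access' `
    -Name sslFlags -Value 'Ssl'

# 5. Review the result: the ACL should list only the service account,
#    and the pool should report that account as its identity.
icacls $appDir
(Get-ItemProperty "IIS:\AppPools\$poolName" -Name processModel).userName
```

Members of the local Administrators group can still take ownership of the folder and re-grant themselves access, so this ACL limits routine access rather than administrator access; keep that group small and audit changes to the folder's permissions.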
Re: Beginners Questions
  Tuvia Vinitsky
  codeSlinger
  Oct 8, 2015 @ 01:34pm
Hard to add anything to such a thorough response, but I would point out you certainly can convert it to sql server if you wished. Any ODBC that VFP can use will work. And as for the browser, by default anonymous users are not allowed. Overall the security level is about as high as I can imagine.

(I am not with FoxInCloud, I am a consultant who works extensively with clients using FiC.)



© 1996-2024