Configuring User Security

There are two types of configuration associated with the User Security Manager

  • User Security Configuration
  • Web Application Configuration

User Security Configuration

This configuration is used to configure the operation of the AppUserSecurity class, which is a subclass of the stock Web Connection wwUserSecurity class.

*************************************************************
DEFINE CLASS AppUserSecurity AS wwUserSecurity
*************************************************************

*-- Alias for the user file 
calias = "AppUserSecurity"

*-- Filename for the user file.
cfilename = "AppUserSecurity"

*-- If .t. requires Email validation of new accounts
lRequireValidation = .T.

*-- if set encrypts the passwords
cPasswordEncryptionKey = "119fasd34ads"

ENDDEFINE
*EOC AppUserSecurity 

You can override any of the properties of the base wwUserSecurity class but the most common will be the encryption key used for password hashing and the lRequireValidation switch. If the lRequireValidation switch is set, new accounts must be validated by email confirmation which involves an email getting sent to the account with a confirmation link that has to be confirmed in order for the account to become active.

The Password encryption key holds a fixed value that is used in creating a hashed and salted password that is unique to your application. If this value is blank - which is the default - passwords are not hashed. You can find out more about password hashing in the Web Connection docs.


© West Wind Technologies, 1996-2020 • Updated: 11/02/18
Comment or report problem with topic