Log In    |    Knowledge Base    |    4D Home
Tech Tip: Rejecting a Web connection from unauthorized clients
Published On: May 26, 2006

When building a Web application it is sometimes necessary to implement security checks that reject web calls from unauthorized clients. You can use the On Web Authentication and/or On Web Connection database methods to perform this kind of check.

One way to do this is by checking the client IP address and ignoring the calls that originate from the different IP address.

To obtain the client IP address, check the $3 parameter to the On Web Authentication or On Web Connection database methods. Then validate $3 against a saved IP address or a IP white list to decide if the web connection should be accepted or rejected.

To reject a connection from within On Web Authentication all one needs to do is set $0 to False. However in this case you have no control over the response sent to the client.

If you want to execute a greater degree of control (e.g. send certain Web pages to certain clients) then you can write customized code to be executed by On Web Connection.