Documentation Comments

Use this form to comment on this topic. You can also provide any general observations about the Online Documentation, or request that additional information be added in a future release.

RealityV15.1Online Documentation (MoTW) Revision 7

RealWeb Security (RealWeb) (security.htm)

To	Reality
Version
Topic
Submitted by
Company
Location
Email address
Comment

RealWeb Security

RealWeb provides an extremely secure web environment. Because it works primarily by calling specially written DataBasic subroutines, the user does not have direct access to the data and the subroutines themselves cannot be listed or displayed. The item server, used to provide access to graphics, stylesheets, etc., can be restricted to only those files that contain relevant items. The rest of the Reality database is not accessible.

To set up RealWeb security, do the following:

Ensure that the user-id used to access RealWeb from the browser uses an appropriate security profile (see Setting up RealWeb Users and Accounts for details).
Make sure that you enable only those subroutines that you want to make accessible to your RealWeb users. See Writing a RealWeb Subroutine for details.
Restrict the files accessible to the RealWeb item servlet to those containing support items such as graphics, CSS stylesheets, JavaScript code, etc. It is recommended that you create files specially to hold these items.

To restrict the files accessible to the RealWeb item servlet, create an item called RW_ITEM_SEC in the account's REALWEB.SECURITY file. The first attribute of this item must contain a single letter V and subsequent attributes must contain the names of those files to be made accessible to the item servlet. Note that if no RW_ITEM_SEC item exists in the REALWEB.SECURITY file, all files in the account will be accessible to the RealWeb item servlet and could be viewed by using an appropriate URL.
Consider using a secure protocol such as HTTPS.