
Security screen


Security settings

The Security screen is a tool to help you restrict access to the database in the generated app.


 

You can choose one of the following options:

 

No Login

There is no authentication. Everyone can access and edit the database.

 

Hardcoded

 

Set the single login/password combination that grants access to the database.

 

Database

 

Choose this method if you store username/password combinations in your database. In this case, you need to select the database table with the user data and choose the fields that store usernames, passwords, and full names. Full name content is displayed in the Logged as ... snippet after successful login.

 

If you wish to display additional information in the Logged as ... snippet, use the AfterSuccessfulLogin event to add custom code. For example:

 

$_SESSION["UserName"] = $data["FirstName"].' '.$data["LastName"];

 

You can create a new table to store user login info by clicking Create new, and add new users to the selected table by clicking Add user.

 

The Database login page has the Third-party authentication option. See Facebook connect and Sign in with Google to learn more.

Third-party security providers

 

Note: the following options are only available in the Enterprise edition of PHPRunner: Active Directory, AzureAD, OKTA, SAML, OpenID. See Editions comparison to learn more.

 

Active Directory

This option works with the user data stored in the Active Directory. For more information, see Active Directory.

AzureAD

 

Azure Active Directory (Azure AD) is the enterprise identity service from Microsoft that provides single sign-on and multi-factor authentication. For more info see AzureAD authentication.

OKTA

 

Okta is a company that provides Single Sign-On services to many leading companies in the world. For more info see OKTA authentication.

SAML

 
Security Assertion Markup Language (SAML) is an open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP). For more info see SAML authentication.

OpenID

 

OpenID allows you to use an existing account to sign in to multiple websites, without needing to create new passwords. For more info see OpenID authentication.

 

 

When you use third-party security providers (Active Directory, AzureAD, OKTA, SAML, OpenID), there are also some common options.

 

Database options

 

These are mostly the same settings as those that you choose when using Database-based security. External UserId field is the field that stores the ID received from a third-party security provider. For Facebook it may look like fb1234567890123; for AD it may look like adjohn.smith, and so on.


Token fields

Here you can specify token fields and their mapping to database fields. Token fields are defined in your security provider settings and are available after a successful authentication.

Login page in the generated application

 

With active authentication, PHPRunner generates an additional PHP page called Login.

 

Here is how it looks in the generated app:

[Screenshot: login page of the generated application]

 

Note: users can select the Remember me checkbox to store their session data in cookies. This way, the user stays authenticated for as long as the cookies remain valid.

Additional options

The additional security options are located on the right:

 

You can select Login form appearance options, such as a standalone login page or a login page in a popup.

Two-factor authentication is an industry-standard way to protect users' data.

The Registration and passwords option allows you to create and set up the user registration, password reminder, and change password pages.

 

Note: if you need to customize the email templates that are sent when a new user is registered, use the Email templates option.

 

Use Locking and Audit to set up record locking and logging of user actions.

Use Encryption to encrypt important data in the database.

Use the Session keys option to enable a single logon for multiple projects.

If the Database option or one of the additional security providers is selected, you can set Advanced Security Settings and define Permissions.

Scenarios for configuring security options

"One or several persons with the same access rights have access to the site".

Use the Hardcoded option.

 

"There is a single owner (administrator) with full access. Other users (guests) have read-only access to some pages/reports/charts".

Use the Database option, enable guest login in the Advanced security settings, and configure the access for guests in the User group permissions.

 

"There are many users with different access levels and administrators with full access".

Use the Database option, configure Advanced security settings if you need to restrict access for each table, configure User group permissions to assign table-level permissions, and configure the Admin group for administrators.

 

"All user account data is stored in the Active Directory or in one of third-party security providers like OKTA".

Use the Active Directory option or one of the additional security providers. You can use more than one security provider in a single project.

Security-related articles:

Login form appearance

Two-factor authentication

Registration and passwords

Advanced security settings

User group permissions

Dynamic permissions

Audit and record locking

Encryption

Session keys

Active Directory

Facebook connect

Sign in with Google

CAPTCHA

See also:

Security API

Datasource tables screen

Miscellaneous settings

Page Designer

Event editor

 
