ORDA – Permissions – Restrict / allow web access to the resources in one click
Discover how, in web processes, you can protect your resources (data + business logic) from malicious access and unauthorized users … in one click.
In development mode, set the Restrict access by default property to FALSE to concentrate on your code organization, data model, Qodly pages architecture, tests … without any restriction on using data or calling functions.
When ready to implement user profiles, just set the Restrict access by default property to TRUE to ensure nobody will access your data and business logic without being explicitly authorized.
Track, Audit, Optimize: Take Control of Your 4D Web Sessions
Since the introduction of scalable sessions, server-side session management has become an important component of modern 4D architectures. These sessions enable fine-tuned scalability for web applications, but also require stricter supervision to guarantee performance, stability, and license control. With 4D 21, you now have a comprehensive means of inspecting all open web sessions, whether they originate from REST connections, SOAP calls, or 4DACTION requests.
Generate, share and use web sessions One-Time Passcodes (OTP)
Today, web applications have become integral to our lives, offering convenient features that save time and simplify everyday tasks. As an example, creating accounts on various platforms is one of the most frequent user actions on websites.
Users expect this kind of process to be quick and accessible, whether at home, commuting, or relaxing on the beach.
Behind this simplicity lies a more complex reality. These operations often require integration with third-party systems, such as email verification services. This introduces challenges related to security, user experience continuity, and protecting against man-in-the-middle attacks.
For developers, ensuring a smooth experience means managing interactions between external systems and the 4D web session. This involves maintaining the user’s context—retrieving data, privileges, and the exact step of their journey to complete the process.
Sounds complicated? It doesn’t have to be! Discover how to build robust web applications that securely and efficiently communicate with third-party systems with 4D 20 R9.
Improved 4D Client Licenses Usage with Qodly Studio for 4D
Those of you who have started using Qodly Studio for 4D already know how powerful this new tool is for developing business web applications. If you haven’t yet, find here more information on getting started.
Apps made with Qodly Studio for 4D rely on the REST APIs. 4D 20 R5 is shipped with a great new feature: “Force Login” mode.
With Force Login mode, a 4D Client license is only consumed when users successfully log in and begin working with your application’s data and logic.
Keep reading to find out more! And don’t forget to download our demo to see it in action!
Debug on the server with scalable web sessions
Scalable web sessions were a significant improvement brought by 4D v18 R6. They allow you to use 4D tags, 4D actions, and REST API in preemptive processes, even in interpreted mode, on a 4D server. However, to debug such programs, you needed to open your development environment on the server to make it switch to cooperative mode, as the debugger window cannot be opened with preemptive processes. This way, until v19 R2, you could debug REST, 4D actions, or 4D tags. From v19 R3, all of this has become much easier, and you can debug on the server-side simply by attaching the debugger to it, as usual.
Get ready for the new SameSite and Secure attributes for cookies
Cookies’ abilities have grown and evolved over the years, but they have left some legacy issues. To handle this, browsers (including Safari, Chrome, Firefox, and Edge) are changing their behavior regarding the SameSite and Secure attributes for a secure-by-default model for cookies.
As a 4D web developer, you may be concerned about the 4D web session cookie if you want to protect your application from cross-site request forgery.
To prevent your web session cookie from circulating on the web pointlessly or being misunderstood by browsers because of a default value applied, you should ask if it is:
- a third-party cookie: associated with a domain name different from that of the page where the cookie is encountered. A third-party cookie is placed by a page object (e.g. an ad) originating from a domain other than the one hosting the page
or
- a first-party cookie: associated with the domain of the page
Depending on your use case, you should choose the appropriate value for the SameSite attribute of your web session cookie.
To reinforce security, the Secure attribute must be set for the web session cookie when the connection is secured (HTTPS) to indicate to the browser that the cookie can be sent safely.
Keep reading to learn how 4D has your back to improve privacy and security across the web.
Scalable sessions for advanced web applications
Nowadays, web applications are essential modern tools. As machines and processors become more and more powerful, your web applications must constantly meet performance requirements. This is why with 4D v18 R6, the 4D Web Server offers a new kind of web session: the scalable Web session.
Let’s find out more!
A better understanding of 4D REST sessions
In a previous blog post, we showed you how to get started with the 4D REST server. We walked you through different CRUD operations using Postman and pointed you to the full REST documentation. In this blog post, we’ll explain how sessions work in 4D. This understanding will ensure that you’ll be able to build a session-based authentication system using the 4D REST server.
