2.3 Security

    Data access is handled in three ways.

    Server-based Access Control - Most servers can be configured to restrict access to entire directories of documents by IP address. Place the application-related forms, templates, and executables in these directories. Individual forms can be password controlled when using Netscape or SAIC servers. In this case, RES-Reach will not execute unless the user passes authentication. The variable "REMOTE_USER" will then contain the user id that was authenticated by the Web server. If you use Microsoft IIS, the authentication user ids and passwords can be defined by NT security.

    Security within the Application - One of the fields on the forms can be a password or similar field. An SQL query can be written that verifies that the user is allowed access, on a record-by-record, field-by-field basis. After the user has been identified in one password form, a "hidden" confirmation field is sent in the forms generated subsequently. Alternatively, use the value of the variable "REMOTE_USER" if the server supports authentication.

    Security within the Database - Many of the database systems with which RES-Reach can interact support user access control within the database itself. The RES-Reach server acts like a single user to most DBMSs. However, it is possible to use variable replacement within the connect string of the DATA tag to identify an individual user to the database.
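
    The application-level check described under "Security within the Application", as an added example in Python with sqlite3; it is not RES-Reach code or template syntax. The schema, the field names "user" and "confirm", and the key are constructed, and the HMAC on the hidden field is an added assumption, made because a hidden field is returned by the browser and can be edited there.

```python
import hashlib
import hmac
import sqlite3

# Constructed demo key (assumption): a real key is kept server-side only.
SECRET = b"constructed-demo-key"

def confirmation_token(user_id):
    """Value for the hidden confirmation field: HMAC-SHA256 over the user id."""
    return hmac.new(SECRET, user_id.encode(), hashlib.sha256).hexdigest()

def resolve_user(environ, form):
    """Prefer the server-set REMOTE_USER; else trust the hidden field only if its MAC verifies."""
    if environ.get("REMOTE_USER"):
        return environ["REMOTE_USER"]
    user, token = form.get("user", ""), form.get("confirm", "")  # hypothetical field names
    expected = confirmation_token(user)
    if user and hmac.compare_digest(token.encode(), expected.encode()):
        return user
    return None

def fetch_records(db, user):
    """Record-by-record, field-by-field check in SQL, with the user id as a bound parameter."""
    if user is None:
        return []
    return db.execute(
        "SELECT r.id, r.title, CASE WHEN a.see_salary = 1 THEN r.salary END "
        "FROM records r JOIN acl a ON a.record_id = r.id "
        "WHERE a.user_id = ? ORDER BY r.id", (user,)).fetchall()

def demo_db():
    """Constructed sample schema and rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE records (id INTEGER PRIMARY KEY, title TEXT, salary INTEGER);
        CREATE TABLE acl (user_id TEXT, record_id INTEGER, see_salary INTEGER);
        INSERT INTO records VALUES (1, 'Engineer', 90000), (2, 'Analyst', 70000);
        INSERT INTO acl VALUES ('alice', 1, 1), ('alice', 2, 0), ('bob', 2, 1);
    """)
    return db

if __name__ == "__main__":
    db = demo_db()
    print(fetch_records(db, resolve_user({"REMOTE_USER": "alice"}, {})))
    forged = {"user": "alice", "confirm": "0" * 64}
    print(fetch_records(db, resolve_user({}, forged)))  # MAC fails, no rows
```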