Main differences between a Mendix login and custom login?
Hi guys,

We have a case where a user needs to log in on a mobile app and can change his personal information. But because we expect thousands of this kind of user and Mendix's pricing (which is in my opinion too unaffordable for SMEs), I thought to build our own login (user ID & password) based on a different object than the system.user. By giving App.User an ID and also a password, we will be able to check at the door (after an attempt to log in with a user ID & password) whether we can find an App.User object, and also build the further logic (blocking after 3 attempts) etc.

When doing the above, each logged-in App.User would always be the same user of a certain user role. Since the App.User just needs to see his data and change it (so pretty simple operations which you can do very well without an own Mendix account), I was wondering what the main differences would be when using a custom login instead of a Mendix login?

1 - Security? Since I don't know the exact working of the Mendix login widget, it looks to me like it works pretty much the same inside the Mendix environment: executing some microflow, doing some secure search in the database and, based on the result, executing similar security logic such as blocking etc.

2 - Analytics for monitoring. Since each different App.User is actually one user of a certain user role, the monitoring analytics would be false (currently logged-in users). In our case that is not a business problem.

3 - Hackproofness. Who can tell the differences in this area? It seems very similar to me.

4 - Any other main differences between a custom.user and a system.user
I think it's not about the pricing, it's about your business case. If the business case involves thousands of users then you should drive some revenue out of that, matching the costs of a license. And probably they won't visit the app all at the same time.
Bottom line: contact sales, make a good case and get matching pricing.
Rene Van Hofwegen
If you only need to update some data by someone you could use the deeplink module. Create some random long token so you can identify which data needs to be updated. Create a mail with the deeplink and send it. Also make sure that the token is only valid for a certain period of time. Make sure that anonymous users can reach the deeplink. This way data can be changed without having to create a user and is in my opinion no violation of the license.
If the token is long enough, the risk that somebody tries to forge that token to get access to data the person should not be able to edit is small in my opinion.
But again, if the use case is bigger, use the option of Rene and talk to a Mendix Sales person to pitch your case.
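Added example, not part of the original answer and not Mendix or deeplink module code: a Python sketch of the token handling the answer describes (a long random token, valid only for a limited time). The names `EditLinkStore`, `issue` and `redeem`, the 32-byte length, the one-hour lifetime, storing only a hash of the token, and making it single-use are assumptions of this example.

```python
import hashlib
import secrets
import time

TOKEN_BYTES = 32          # assumption: 256 bits from the OS CSPRNG; the answer only says "long"
TOKEN_TTL_SECONDS = 3600  # assumption: the answer only says "a certain period of time"


class EditLinkStore:
    """In-memory stand-in (hypothetical) for the table that maps tokens to records."""

    def __init__(self, now=time.time):
        self._now = now   # injectable clock so expiry can be tested
        self._rows = {}   # sha256(token) hex -> [record_id, expires_at, used]

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table does not yield usable links.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, record_id):
        """Create the token that goes into the mailed link for one record."""
        token = secrets.token_urlsafe(TOKEN_BYTES)  # never random.random() or a counter
        expires_at = self._now() + TOKEN_TTL_SECONDS
        self._rows[self._digest(token)] = [record_id, expires_at, False]
        return token

    def redeem(self, token):
        """Return the record id for a valid token, else None.

        Unknown, expired and already-used tokens all get the same answer,
        so the caller cannot tell which check failed.
        """
        row = self._rows.get(self._digest(token))
        if row is None:
            return None
        record_id, expires_at, used = row
        if used or self._now() > expires_at:
            return None
        row[2] = True  # single use: assumption of this example, not stated in the answer
        return record_id
```

The record to edit is looked up from the token on the server side only; the link itself carries no record id that an anonymous visitor could change.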