Try OpenEdge Now
skip to main content
Developing AppServer Applications
Design and Implementation Considerations : Security considerations : User authentication and authorization
 

User authentication and authorization

You typically handle authentication and authorization tasks at the point of connection, using the Connect procedure, which can accept parameters for user authentication and refuse a client connection according to the result. For a state-reset or state-aware AppServer, you can take full advantage of this to authorize, on a user basis:
*What procedures (entry points) can be run by the connected AppServer agent by setting an export list using the EXPORT( ) method.
*Connections to databases and other AppServers from the connected AppServer agent. For more information on limiting database access through a connected AppServer agent, see Database access.
However, for stateless and state-free AppServers, you cannot directly authorize and implement these options at connect time.
* Authorization on a state-reset or state-aware AppServer
* Authorization on a stateless or state-free AppServer