Try OpenEdge Now
skip to main content
Managing ABL Applications
ABL and R-code Deployment and Management : Maintaining Application Security : Compile-time security
 

Compile-time security

Compile-time security checking is built into OpenEdge. You define compile-time security for an application database at the table and field levels to prevent the user from writing their own procedures to access data in the database.
OpenEdge lets you define the type of access rights or permissions different users can have to the tables and fields in your database applications. OpenEdge checks these permissions when the user runs and compiles a procedure for the first time during an OpenEdge session. The default compile-time checking is useful for applications that are compiled each time a different user runs the application.
However, the default compile-time permissions apply to application code that is compiled each time a different user executes it and are not sufficient for precompiled applications. If you use CRC-based r-code (the default), the user can compile a procedure against a database that has the same schema as the database (a counterfeit database) and then run the procedure against the database. Since the default for OpenEdge is to do compile-time permission checking only, your database is unprotected at run time unless you do one of the following:
*Turn on run-time permission checking as described in Specifying run-time permissions checking.
*Use the PROUTIL utility's DBAUTHKEY qualifier to set an authorization key for the database. The authorization key prevents unwanted r-code that has been compile-time checked only from running against the database.
For more information about CRC-based object code, see R-code Features and Functions For more information about the PROUTIL utility, see OpenEdge Data Management: Database Administration.