One possible drawback of using CRC validation is that anyone having an OpenEdge development environment can create a counterfeit database (a database with the same structure as your database). The user can then write a program, compile it, and run it against your database. Using time stamp validation prevents this because the time stamps in the counterfeit code do not match those in your database.

However, you can also combine CRC validation with additional security to prevent unauthorized r-code access. You can either turn on run-time permission checking or use the PROUTIL utility's DBAUTHKEY qualifier. For details on how to turn on run-time permission checking, see MaintainingApplication Security.

The DBAUTHKEY option of the PROUTIL utility allows you to set an authorization key for your database. When you compile your source code, OpenEdge includes the value of this authorization key in your r-code. You can also use the RCODEKEY option of PROUTIL to insert the authorization key in existing r-code. Any r-code that does not include the correct authorization key cannot run against your database. For more information about using PROUTIL to create and set database authorization keys, see OpenEdge Data Management: Database Administration.