Types of application security

OpenEdge provides the following types of security for an ABL application:
* Identity management — Primarily supports the following security services:
  * Authentication — Ensures that only a user with valid user credentials can log in to and run an application or connect to a particular database. Once validated, authentication seals the user credentials in a portable security token. The AVM uses the sealed security token to authorize user access to ABL sessions, applications or database connections within a domain.
  * Authorization — Ensures that only authorized users can read or change application and database options and resources, such as data tables and fields, and the table, field, and index definitions (schema) in a database. OpenEdge supports compile-time authorization, which ensures that only authorized users can compile procedures and classes that access specific database tables and fields, and run-time authorization, which ensures that only authorized users can access specific database tables and fields or run specific precompiled procedures and classes.
* Cryptography — Ensures data privacy and integrity so that unauthorized users cannot read or change data, whether it is stored in a database, stored in an ABL session context, or transported over a network.
* Auditing — A means of securely tracking and recording a trail of events that occur during execution of an application. The basic security in auditing allows this trail of events (audit events) to be recorded in a manner that cannot be changed or otherwise repudiated after the fact. You can use ABL to record application-defined audit events and also to build custom audit configuration tools.
This chapter primarily describes how to use the ABL features that support identity management and cryptography. For a comprehensive overview of OpenEdge identity management, including ABL support, see OpenEdge Getting Started: Identity Management. For a general introduction to OpenEdge security, cryptography, and a comprehensive guide to OpenEdge auditing, see OpenEdge Getting Started: Core Business Services - Security and Auditing. For information on making secure network connections between ABL clients and database servers, see the information on database connections in Database Access. For information on creating secure sockets in ABL, see Sockets. For more information on ABL support for auditing, see Auditing.
The security administrator can define security options for database connections, schema changes, and compile-time authorization in the Data Dictionary and in other database administration tools to manage secure database connections. OpenEdge also uses the same settings for compile-time authorization in order to handle run-time authorization for database table and field access. For more information on database security administration, see OpenEdge Data Management: Database Administration and OpenEdge Deployment: Managing ABL Applications.
As described in the rest of this chapter, the developer is usually responsible for authenticating users, managing user identity, connecting securely to a database, authorizing access to application resources, and managing cryptographically secured data within an ABL session.