Try OpenEdge Now
skip to main content
ABL Reference
Handle Reference : SECURITY-POLICY system handle

SECURITY-POLICY system handle

A handle to security policy settings and operations for the current ABL session. These settings and operations support session data cryptography, creating a session registry for trusted security domains, and user authentication and validation.


SECURITY-POLICY [ :attribute | :method ]
An attribute of the SECURITY-POLICY handle.
A method of the SECURITY-POLICY handle.




*The LOAD-DOMAINS( ) method loads and locks a trusted domain registry for the session from the local domain registry of a single connected OpenEdge RDBMS. This type of registry supports domains for multi-tenant databases and is the most secure way to create a trusted domain registry for the session.
*The REGISTER-DOMAIN( ) and LOCK-REGISTRATION( ) methods allow you to build and lock an application-defined trusted domain registry for the session. This type of registry requires the non-secure exposure of critical domain information as the domain registry is being built, and is therefore less secure than using the LOAD-DOMAINS( ) method. It also does not support domains for multi-tenant databases.
*The SET-CLIENT( ) method can authenticate (or validate) and set the user identity for a security token represented by a client-principal object using a session trusted domain registry that you have previously loaded. This single method can set the user identity for both the session and existing database connections, depending on the user's domain definition and the design of your application authentication model. (Setting a database connection identity, alone, does not set the session identity.) The method can also set an auditable session identity.The GET-CLIENT( ) method retrieves the client-principal object previously used to set the current session identity using the SET-CLIENT( ) method. For more information on managing identity, domains, and domain registries, see OpenEdge Getting Started: Identity Management.
*The following attributes set initial encryption values for use by the GENERATE-PBE-KEY function:
*PBE-KEY-ROUNDS attribute
*The following attributes allow you to set defaults for the ENCRYPT function and the DECRYPT function:
*The XCODE-SESSION-KEY attribute contains the encryption key used by the COMPILE statement for the current session. This must be the same value used by the XCODE utility.

See also

Client-principal object handle, DECRYPT function, ENCRYPT function, GENERATE-PBE-KEY function, GENERATE-PBE-SALT function, GENERATE-RANDOM-KEY function, MESSAGE-DIGEST function