OpenEdge supports application implementation of the following features for securing an application running on the OpenEdge AppServer:
Authenticating users to the AppServer at connect time.
Authenticating and transporting an application user identity across the ABL sessions of an n-tier application, and maintaining user identity context for both session-managed and session-free applications. For information on transporting (exporting and importing) user identity, see OpenEdge Development: Programming Interfaces.
Authorizing user or client access to AppServer session procedures using access control lists implemented using the EXPORT( ) method on the SESSION system handle.
Using an AppServer to intelligently filter access to database resources for clients (instead of simply "passing through" client access to database tables and fields).
Generating AppServer activity audit trails.
Using run-time compilation and other dynamic resources to dynamically configure and run AppServer procedures according to application security constraints. This feature can also make use of encrypted source code to secure the source for run-time compilation (see Secure source code). You might also want to implement secure AppServer application services using the completely dynamic application environment provided by Progress Dynamics (see Progress Dynamics security features).
For more information on AppServer program security, see OpenEdge Application Server: Developing AppServer Applications.