Progress
Client Deployment
Guide


Compile-time Security

Compile-time security checking is built into Progress. You define compile-time security for an application database at the table and field levels to prevent the user from writing their own procedures to access data in the database.

Progress lets you define the type of access rights or permissions different users can have to the tables and fields in your database applications. Progress checks these permissions when the user runs and compiles a procedure for the first time during a Progress session. However, permissions are not checked when the user runs procedures that are precompiled. For information about how to enable security for precompiled procedures, see the "Run-time Security" section later in this chapter.

If you use CRC-based r-code (the default), the user can compile a procedure against a database that has the same schema as the database (a counterfeit database) and then run the procedure against the database. Since Progress does not check the permissions of the database at compile time, you have no compile-time security. However, you can use the PROUTIL utility’s DBAUTHKEY qualifier to set an authorization key for the database. The authorization key prevents unwanted r-code from being run against the database.

For more information about CRC-based object code, see the Progress Programming Handbook. For more information about the PROUTIL utility, see the Progress Database Administration Guide and Reference.


Copyright © 2004 Progress Software Corporation
www.progress.com
Voice: (781) 280-4000
Fax: (781) 280-4095