Kbase P15022: How to restrict users from running unauthorized .r files.
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
09/03/2009 |
|
Status: Verified
GOAL:
How to restrict users from running unauthorized .r files.
GOAL:
How to implement security for the Progress executables.
FACT(s) (Environment):
All Supported Operating Systems
All Supported Operating Systems
Progress 8.x
Progress 9.x
OpenEdge 10.x
FIX:
If a user is connected to the DB it can compile any program and run it.
The way to get control on which programs are allowed to connect to the DB is through a pair of Proutil commands:
Proutil <your DB> -C dbauthkey <old-key> <new-key>
and
Proutil <your DB> -C rcodekey <old-key> <new-key> <.r files>
With DBAUTHKEY you are able to set a key for the databases, so any compiled program that has not being authorized to run in the DB won't run.
To set the key the first time you must type "+" as the old key.
Example:
proutil sports -C dbauthkey + secret_key
The RCODEKEY command authorizes the .r file or files that are allowed to run on the DB.
Example:
Proutil sports -C rcodekey + secret_key Program.r