Kbase P118055: The Webspeed transaction server license allows the Character Client to compile.
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
8/17/2006 |
|
Status: Unverified
FACT(s) (Environment):
OpenEdge 10.x
SYMPTOM(s):
The Webspeed transaction server license allows the Character Client to compile.
There is a security loophole with the Webspeed Transaction Server license
Users with a Webspeed Transaction server can access the database via the _progres executable and compile code because the license includes a compiler. They do not need a Development license to compile and run code against the database.
CAUSE:
This issue was logged with Development as Bug# 20040510-004. The cause of the problem is because Application server products (including the Webspeed Broker) allowed compilation by default.
FIX:
In Progress versions prior to OpenEdge 10, the way to resolve this is to apply security to the application and database so that even though the users have access to the compiler, they cannot actually make use of it. The way you do this is with RCODEKEY and the CAN-READ CAN-WRITE database security.
In OpenEdge 10.x the ability to compile with an Application Server product has been removed.