Kbase P147237: Able to update data when blank user is disabled.
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
04/06/2009 |
|
Status: Unverified
SYMPTOM(s):
Able to update data when blank user is disabled.
User connecting with blank user id is able to update the database running the application
FACT(s) (Environment):
OpenEdge 10.x
Progress 9.x
OpenEdge Category: Language (4GL/ABL)
CAUSE:
Executing compiled code after blank user id was disabled
FIX:
_user security only prevents access to development tools like Procedure Editor and Administrative tools like Data Dictionary and Data Administration.
The compiled code .r files can be run by anyone as long as starting a client session does not require any code to be compiled on the fly.
For example, it is not allowed to start the Procedure Editor and then execute RUN statements for .r files.