× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. RPG400-L
  3. February 2005

RE: Prototyped Procedures

What makes odbc any more vicious than UPDDTA?
At this point you have to decide on either using "Access-level" security 
which basically means they cannot access the data unless they use a 
program that adopts authority, or, use column level security.  Column 
level security was implemented on day 1 of OS/400 by only allowing access 
via logical files that contained only the fields they were allowed to see 
or update.  Much more recent versions of OS/400 allow you to define it on 
the physical file itself.  The problem is that many programmers would be 
loathe to change their code to something like:

dow 1=1;
  if F3;
    Leave;
  EndIf;
  // decide which fields the user actually changed.  Customize the update 
statement accordingly.
  ...
  update(e) myfile %fields(...);
  Select;
  When not %error;
    Leave;
  When %status = NotAuthorized;
    // Hey Bozo, you're not allowed to change the salary field!  I'm 
telling Mom!
  ...
  EndSl;
Exfmt;
EndDo;


Rob Berendt
-- 
Group Dekko Services, LLC
Dept 01.073
PO Box 2000
Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





"Joe Pluta" <joepluta@xxxxxxxxxxxxxxxxx> 
Sent by: rpg400-l-bounces+rob=dekko.com@xxxxxxxxxxxx
02/03/2005 09:51 AM
Please respond to
RPG programming on the AS400 / iSeries <rpg400-l@xxxxxxxxxxxx>


To
"'RPG programming on the AS400 / iSeries'" <rpg400-l@xxxxxxxxxxxx>
cc

Subject
RE: Prototyped Procedures






Yeah, I remember that all too clearly myself with BPCS, Ron.  Of course,
nowadays, people allow direct ODBC access to their database -- I can't
think of anything worse.  Even with triggers in place, there's nothing
stopping someone from changing descriptions or prices, or even
transaction dates, unless you have a WHOLE lot of code in your trigger
(and that's a different debate).

Joe

> From: RPower@xxxxxxxxxx
> 
> No, my comments were meant for scenario number 2.  I just remember
that
> the company supplied all the source code and I found too many clients
> barbarized the data because they took the source and made 'custom'
> versions.

-- 
This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/rpg400-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.