× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Maybe the terms UPDATE and INSERT are being used in an SQL context here Rob?

Otherwise I'm going to have to spend more time parsing the semantics of this section.


Jon Paris

www.partner400.com
www.SystemiDeveloper.com

On Aug 31, 2018, at 7:07 AM, Rob Berendt <rob@xxxxxxxxx> wrote:

But doesn't that totally fly in the face of this line from section 3.5:
<snip>
Furthermore, DB2 prevents an INSERT statement from inserting a row or an
UPDATE statement from modifying a row such that the current user cannot be
permitted to access it. You cannot create a situation in which the data
you inserted or changed is no longer accessible to you.
</snip>

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: "Jon Paris" <jon.paris@xxxxxxxxxxxxxx>
To: "Midrange-L Midrange-l" <midrange-l@xxxxxxxxxxxx>
Date: 08/30/2018 04:04 PM
Subject: Re: Another FieldProc question
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



Yup - which is why we said we thought that they should have done something
to better protect against accidental damage.

My preference - after further thought - is that perhaps the field should
be automatically protected against update by native methods. Similar in a
way to the "invisible" variable length fields that we originally had until
RPG could handle them properly.

I don't think you should have to rely on someone remembering to set a
check constraint on the field if RCAC is applied to a file. Perhaps, again
for native access, it should prohibit update _unless_ there is such a
check in place.

Dunno - but it struck me at the time, and I still feel, that the feature
was not thought through thoroughly enough.


Jon Paris

www.partner400.com
www.SystemiDeveloper.com

On Aug 30, 2018, at 3:46 PM, Rob Berendt <rob@xxxxxxxxx> wrote:

Wow did I initially read the redbook wrong. I read your blog and my
initial impression was that y'all were way off base. However I find it
tough to think Kent Milligan is due for a whiz quiz so I reread the
redbook.
<snip>
5.3 Accidental updates with masked values
The masked values that are returned by a column mask can potentially
cause
the original
data value to be accidentally overwritten, especially with applications
using native record-level
access.
For example, consider a table containing three columns of first name,
last
name, and tax ID
that is read by an RPG program. The user running the program is not
authorized to see the
tax ID value, so a masked value (*****3333) is written into the
program's
record buffer, as
shown Figure 5-1.
In this example, the application reads the data for an update to correct

the misspelling of the
last name. The last name value is changed to Smith in the buffer. Now, a

WRITE request is
issued by the program, which uses the contents of the record buffer to
update the row in the
underlying DB2 table. Unfortunately, the record buffer still contains a
masked value for the tax
ID, so the tax ID value in the table is accidentally set to the masked
value.
<image></image>
Obviously, careful planning and testing should be exercised to avoid
accidental updates with
masked values.
DB2 for i also enhanced its check constraint support in the IBM i 7.2
release with a new ON
UPDATE clause that allows the existing value to be preserved when a
masked
value is detected
by a check constraint. Details about how to employ this new check
constraint support can be
found in 6.8.1, “Check constraint solution” on page 108.
</snip>

So basically Kent was right and the check constraint should stop the
errant update. What it doesn't stop is the intentional hack. For
example, if you read the column and RCAC masks it as *****1234 and you
do
an update and have the check constraint "on update violation" set that
if
the string begins with "*****" to ignore the update of that column
you're
all good. But if someone reads *****1234 and sets it to 123456789 it
will
write out the whole 123456789.

Section 3.5 and section 5.3 seem to totally conflict.
https://www.redbooks.ibm.com/redpapers/pdfs/redp5110.pdf


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: "Jon Paris" <jon.paris@xxxxxxxxxxxxxx>
To: "Midrange-L Midrange-l" <midrange-l@xxxxxxxxxxxx>
Date: 08/30/2018 03:24 PM
Subject: Re: Another FieldProc question
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



We blogged about this some time back when we became concerned at the
somewhat cavalier approach some people were taking in applying this
capability to tables that were also handled by native RPG.

Here's the blog post

http://ibmsystemsmag.com/blogs/idevelop/archive/rcac-two-steps-forward-one-back/

<

http://ibmsystemsmag.com/blogs/idevelop/archive/rcac-two-steps-forward-one-back/

if you read the comments you'll see Kent Milligan's take on it.

Our advice remains to be very very careful in applying this to existing
applications.


Jon Paris

www.partner400.com
www.SystemiDeveloper.com

On Aug 30, 2018, at 3:00 PM, James H. H. Lampert
<jamesl@xxxxxxxxxxxxxxxxx> wrote:

On 8/30/18, 11:50 AM, Rob Berendt wrote:
I think Buck is right on with his suggestion to supply feed back at
the
end of his long reply.
JSMITH reads the row using an RPG read.
The value of SSN is shown to him as *****1234.
The program does: ssn='123456789' then an RPG update. Does it accept
that and store the encrypted value of '123456789' or what? Like, "so

I
can't read it, can I set the value instead"?

Mr. Berendt guessed right. The circumstances in question are indeed
strictly native Record Level Access. What happens if the record is
updated
by somebody who sees a redacted value, both with and without attempting
to
change the value?

Thanks, Rob, for saving me the trouble of clarifying the circumstances.

--
JHHL
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: http://amzn.to/2dEadiD


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.