× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Many of the requisite relationships, (constraints and/or triggers) can be 
done via the SQL DDL used to define the file and thus avoid the separate 
program needed.  (If you migrate to SQL from DDS.)

And, for query accessible data, you could even restrict access to views. 
The benefits are two fold.  Define your view as to only be readable for 
security reasons.  And, your view could do much of the math, joining, etc, 
thus helping to free up the user from having to redefine that logic in 
each query.

>From a strictly security standpoint I don't see how an I/O module with a 
firewall trigger improves upon just using the constraints and triggers 
themselves.  Securitywise, what can be done in an I/O module that couldn't 
be done in the trigger itself?

Rob Berendt
-- 
"They that can give up essential liberty to obtain a little temporary 
safety deserve neither liberty nor safety." 
Benjamin Franklin 




"Joe Pluta" <joepluta@xxxxxxxxxxxxxxxxx> 
Sent by: rpg400-l-bounces@xxxxxxxxxxxx
11/17/2003 02:01 PM
Please respond to
RPG programming on the AS400 / iSeries <rpg400-l@xxxxxxxxxxxx>


To
"'RPG programming on the AS400 / iSeries'" <rpg400-l@xxxxxxxxxxxx>
cc

Subject
RE: ALL I/O in single module was(ARGH!!! (was file open with LR))






> From: rob@xxxxxxxxx
> 
> You are probably right on some of your more secure files, (but isn't
that
> what you said?).  And granted some data relationships need to be fully
> understood to make sound business decisions.

Actually, I think we've come to what is probably a reasonable middle
ground.  For secure files, we have a solution: I/O modules with a
firewall trigger.  For query-accessible data, you can still provide I/O
modules and a firewall trigger for updates, and then grant read access
via profiles.  These can be added as supplemental group profiles on the
users that need the access.

And I'll even go so far as to say that basic referential integrity rules
can still be implemented via the database, provided it is commented in
the I/O module as well (you should probably have a program to create the
requisite relationships as needed).

Joe

_______________________________________________
This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/rpg400-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.