× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. RPG400-L
  3. July 2017

Re: RPG easier/harder to use than other languages?

BL must reside on the server bla bla bla - wrong - BL must reside where the
data is stored!

In IoT we have a lot of devices that contains data that will never reach a
server unless the server needs the data. In other words IoT has to be able
to work off-line and without dependencies so of course BL has to be
replicated for each device exactly as we do today in out smartphones where
many app's still works even in off-line mode.

In other words - your future pace-maker comes in two models one with 16GB
and one with 32GB storage, a processer and a lot of "BL" in order to work.
It will also have web-services so your doctor is able to log-in to it when
needed and the producer may even update the BL in the devices "as you go"
and the hospital may retreive data from it for medical research where the
keypoint is that there is no need to collect data from devices unless you
need it.

So in the future we will see "packages" send from a server that not only
holds data but also BL so the "package" becomes an object with data and
build in methods in fact we do it already today because when we send a
table from one IBM i to another IBM i we sends the table object and not the
raw data.

On Sat, Jul 8, 2017 at 3:24 AM, Buck Calabro <kc2hiz@xxxxxxxxx> wrote:

On 7 July 2017 at 13:43, Nathan Andelin <nandelin@xxxxxxxxx> wrote:
ODBC is also too hard to secure.

In our environment the profile that uses ODBC is authorised to the
stored procedures and only to the SPs.
The database is owned by a separate profile.
The stored procedures are external LANGUAGE RPGLE.
The RPGLE programs are OWNER(database) USRPRF(*OWNER)
The underlying table/views are PUBLIC(*EXCLUDE).

With this design, no end user can directly read or write to the
database; they need to go through the stored procedures.

Assuming an attack that compromises the web server, those procedure
names, parameter lists, and data flows would become known to the
attacker, allowing an injection attack to be launched from the
compromised, but still authorised, web server. It seems to me that
this attack surface is the same whether the underlying communication
between the web/front end and the database/back end is stored
procedures or a web service.

--buck
--
This is the RPG programming on the IBM i (AS/400 and iSeries) (RPG400-L)
mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD





As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.