Authentication callbacks should always run

  • Thread starter: trosema
Status
Not open for further replies.
A callback for a domain should always run when a user in that domain connects to the database. Today, that is not the case. Today, even if a callback is configured for a domain, it is not run in every situation for that domain. Specifically, if a client session is started with the -db parameter (whether local/shared memory or remote), the callback procedure is *not* run. If the authentication system is _oeusertable and the userid/password is correct, the user is still authenticated.

Using callbacks on the _oeusertable could be an excellent way to ensure that batch user accounts are only used from the local host. Without the callback, there is really no good way to do this in an environment where the database must also be enabled for network connections. Batch processes are often run using the -db option on the command line rather than starting the ABL session and then connecting to the database. Passwords for batch processes may also be more vulnerable to exposure since they must be stored on the system. Using callbacks for these batch processes can add an extra layer of security.

Progress says that the callback cannot be run when -db is specified on session startup because the “database connections are completed before the ABL run-time engine is initialized and able to load and execute procedures or classes.” It seems that waiting to run the callback until the AVM is ready to run code should be ok since it doesn't run before the database is connected anyway. If the callback does not authenticate the user, the database can be disconnected if blank user access is not allowed.
