Stop procedure Editor Access/Compile By providing a DB Option - OpenEdge Database - Products Enhancements - Progress Community

 OpenEdge Database

What new features or enhancements could improve the OpenEdge Database? Use this challenge to let the OpenEdge team know what would make your life easier by reducing costs and increasing productivity!

Stop procedure Editor Access/Compile By providing a DB Option

  • Under Review

Hello,

Procedure editor provide by Progress is a wonderful tool! But these days security is a concern and data privacy is another problem. We as Progress need to be also concerned about DB Security, Procedure Editor being used as a Progress provided hack tool with weak security.

Problem - Anyone can connect to OE DB using procedure editor and change data, even with blank user id disabled.

How we can improve access by PE to DB? Have "Stop PE Access" as db option (Data Admin, DB Options) that the editor checks before compile, stop any compile against the db even with/without table reference when connected to db(s) from the PE. This option combined with dbauthkey can completely lock the user out from using the procedure editor to hack/change data (using PE) or even run a program from the procedure editor.

The option can be changed by a DB Admin and controlled access can be provided when needed (can be changed when db is online or offline). Auditing of this flag can also be implemented with changes also logged to db log.

This feature could be an incentive for customers to upgrade!

Thanks
Verghese

Comments
  • Verghese,

    How to connect to DATABASE when blank userid is disabled  ?

    Sunil

  • Sunil,

    If the userid and passwords are compromised then anyone can connect to db using PE and modify data and there is no way to track it unless there are audit policy that can only track PE changes.

    Verghese