enter creation password when lookup with qualifiers?

Bruce Easton bruce at stn.com
Tue Jan 29 12:05:13 PST 2008


Kenneth Brody wrote Tuesday, January 29, 2008 1:52 PM:
> To: gccconsulting at comcast.net
> Cc: 'filepro list'
> Subject: RE: enter creation password when lookup with qualifiers?
> 
> 
> Quoting GCC Consulting (Tue, 29 Jan 2008 12:34:14 -0500):
> 
> [... Why does filePro ask for a creation password at runtime on a 
>       ...]
> {... variable lookup?                                             
>       ...]
> 
> >> > ky = "myself"
> >> > fn = "employees"
> >> > lookup salary = (fn) k=ky i=a -nxp
> >> > salary[10] = salary[10] * "1.5"
> >> > write salary
> 
> [...]
> 
> > If fp didn't want to break the current code regarding the 
> creation password
> > and lookups using a variable, there are 2 solutions:
> >
> > 	1. Another environmental variable pfcrpw=no  Turn off asking for the
> > creation password at runtime
> > 	2. Ability to bypass the password at runtime in programming with a
> > lookup flag to bypass the creation password request.
> >
> > This last option does can offer some runtime security by 
> allowing using a
> > variable but based on the user allow access directly or require 
> a password.
> 
> And these solutions differ from "don't ask for the password", how?
> 
> -- 
> KenBrody at BestWeb dot net        spamtrap: <g8ymh8uf001 at sneakemail.com>

Well I don't see them as being different from "don't ask for the password" 
except that they give the developer some flexiblity in controlling the 
runtime behavior.  But security-wise, I would think any filepro-savy 
user could still do what you showed in your salary example.

What I suggested would differ from the present behavior as follows
(based on file XYZ having a creation password):

PRESENT BEHAVIOR
----------------
1.  DEV: Tiny developer BE puts var-named lookup to file XYZ in 
    prc table and saves.
--- no prompt yet for creation pw for XYZ.
2.  RUNTIME: End-user 10299 is running program at Pal*Mart #845845 
    in Walla Walla, WA.
--- prompt appears for creation password meant to protect software.


PROPOSED BEHAVIOR
-----------------
1.  DEV: Developer BE puts var-named lookup to file XYZ. 
    Prior to saving table, developer hits new hot key in cabe 
    that is labeled "Pre-authorize creation passwords."  Cabe 
--- asks for one filename at a time or some key to exit. 
    Developer BE enters XYZ as the first filename - cabe asks
    (as if the lookup was in the table) "enter the creation 
    password for XYZ:".  Developer BE enters the password.
    If it is OK, then cabe asks for another file.  (If it 
    was not the correct password, or if the developer never 
    ran this new dialog from the hot key, then cabe would, 
    when the table is saved, behave exactly as it does now 
    including asking for the creation password at runtime.)  
    Developer BE says no more filenames to enter and exits 
    the new dialog.  Now, when the table is saved and 
    tokenized cabe continues as if the lookup for a literal 
    XYZ had been there all along and accessed for use via 
    the creation password.  (And in fact, the developer 
    had to know the cp to get to get that behavior.)
2.  RUNTIME: End-user 10299 at Pal*Mart runs program.
--- there is no prompt for any creation password.

I would think implementing this would mainly involve: 
a.  changing cabe to have and use this new dialog for 
    pre-authorizing lookups, and
b.  changing the runtime progs to not even check for  
    (much less prompt for) creation passwords.


Much more simply, if the behavior were to change in cabe so 
that a literally-named lookup (even if not executed) could 
pre-approve the creation password, then that would work too, 
although it might not be considered a backward-compatible 
solution.

Bruce

Bruce Easton
STN, Inc.

 







More information about the Filepro-list mailing list