Operating System and Progress Security
Security controls applied using programs on the Security Menu (36.3) apply primarily to accessing the application itself, as well as accessing functions within the application. In addition to system controls, you should consider additional security at the operating system and Progress levels.
At the operating system level, all application-related files should be reviewed to determine the appropriate permission and ownership settings. Relevant files would include at a minimum:
• Database files (*.db)
• Log files (*.lg)
• Source code files (*.p)
• Compiled source code (*.r)
• Database backup files
• Configuration files (*.config)
• Files used to execute system implementation functions such as the QAD deployment tool
• Files that are part of the QAD .NET User Interface
For example, on UNIX platforms, a system administrator should be the owner for most—if not all—of these files. To restrict access to these files, operating system commands such as the following for UNIX can be used to limit both Read and Write access to the file owner.
chmod 600 <database file name>
The standard Progress documentation set provides information about security controls, including the following documents:
• Database Administration Guide
• Client Deployment Guide
• Progress Programming Handbook
The following sections discuss information-security exposures and mitigating controls in these areas:
• Accessing the Progress Editor from the application
• Capabilities to directly read, modify, and delete database records
• Compiling custom code on unprotected databases
• Accessing an application database directly from Progress