Larry, that's precisely why I prefer using RPG logic for most of my
development that isn't static. I've not actually learned enough SQL to even
embed yet. The problem I have with that, though, is that even though I'm
protected with the RPG parameter passing, you can't convince the PCI
compliance police scanners out there that the SQL injection methods don't
work on your forms, so you have to make changes to comply with their
demands. It is nice being safe; it would be nicer if they understood it.
***
Regards,
Joe W Holt
Sr Programmer/Developer
Jack Onofrio Dog Shows, LLC
405.427.8181
From: Larry Kleinman <larry@xxxxxxxxxxxxxxxxx>
To: "Web Enabling the IBM i (AS/400 and iSeries)"
<web400@xxxxxxxxxxxx>
Cc: "WEB400" <web400-bounces@xxxxxxxxxxxx>
Date: 10/24/2014 12:42 PM
Subject: Re: [WEB400] Net.Data and session management
Sent by: "WEB400" <web400-bounces@xxxxxxxxxxxx>
I am also (pleasantly) surprised by the recent amount of net.data
conversations. I have used it for more than 5 years and, like Joe,
appreciate the relative safety provided by the fact that nobody outside
of the 400 world has ever heard of it. (Lots of people inside have never
heard of it either, but that's a different story.) However, I started
using PHP instead of net.data a few years ago, mostly out of the fear that
I would wake up one day to find version 7.x (or 8.x) no longer supports
it. I have come to appreciate a lot of the stuff that PHP provides that
net.data does not - support for JSON, for example - and have alleviated a
lot of my "hackers who are smarter than I am will destroy my system if I
put PHP on it" fear by still using a lot of RPG. I limit direct SQL
calls as much as reasonably possible, using RPG to do all file updating
and maybe 90% of my data retrieval to the web. It's pretty hard for
someone to do SQL injection when it is a parm passed to RPG which is
turned into good ole' CHAINs, and READE's.
Larry Kleinman
Kleinman Associates, Inc.
212-949-6469
From: "Joe W Holt" <joe.holt@xxxxxxxxxxx>
To: web400@xxxxxxxxxxxx,
Date: 10/24/2014 01:23 PM
Subject: [WEB400] Net.Data and session management
Sent by: "WEB400" <web400-bounces@xxxxxxxxxxxx>
I've noticed an uptick of Net.Data users posting so I wanted to push out a
question. Back when I adopted Net.Data (when it first came out) I developed
with it as mainly an interface to maintain session management using
persistence and calling rpg programs. Well with the passage of time
persistence is frowned upon even more so today. It is way too easy to
create an error forcing the persistence to bomb out and eject the user
data. I'm quickly writing the replacement application and am being pushed
by relevance of technology to use other tools such as php. Not a big
proponent of using php on my box. I prefer CGIDEV2 and such tools that are
relatively unknown outside of the 400 circles so that they aren't readily
high profile attack options. As I examine my apache logs I see countless
times the efforts being made in the public to take advantage of known
attacks these other platforms have fallen prey to.
Anyone else adopt some session management styles with Net.Data that would
be nice to implement? I've started using CGIDEV2 and userspaces with
cookies but it isn't a very clean approach due to my own haste and am
rethinking my options. I'm either going to have to adopt another tool like
php, clean up the CGIDEV2 process, or use Net.Data with??? Any thoughts
would be great. I'm not with great confidence that Net.Data will survive
as an available product as technology continues to change. I was very
surprised (and relieved) to have it on 7.1.
***
Regards,
Joe W Holt
Sr Programmer/Developer
Jack Onofrio Dog Shows, LLC
405.427.8181
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at
http://archive.midrange.com/web400.