A better option than calling RPG programs directly is to create external SQL stored procedures that wrap around the RPG programs. Then you are more platform agnostic. Your front end will call the same SQL stored procedures whether it be Java, Net.Data, PHP, etc.
Todd
-----Original Message-----
From: WEB400 [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Joe W Holt
Sent: Friday, October 24, 2014 1:57 PM
To: Web Enabling the IBM i (AS/400 and iSeries)
Subject: Re: [WEB400] Net.Data and session management
Larry, that's precisely why I prefer using RPG logic for most of my development that isn't static. I've not actually learned enough SQL to even embed yet. Problem I have with that though is even though I'm protected with the RPG parameter passing you can't convince the PCI compliance police scanners out there that the SQL injection methods don't work on your forms so you have to make changes to comply with their demands. It is nice being safe, be nicer if they understood it.
***
Regards,
Joe W Holt
Sr Programmer/Developer
Jack Onofrio Dog Shows, LLC
405.427.8181
From: Larry Kleinman <larry@xxxxxxxxxxxxxxxxx>
To: "Web Enabling the IBM i \(AS/400 and iSeries\)"
<web400@xxxxxxxxxxxx>
Cc: "WEB400" <web400-bounces@xxxxxxxxxxxx>
Date: 10/24/2014 12:42 PM
Subject: Re: [WEB400] Net.Data and session management
Sent by: "WEB400" <web400-bounces@xxxxxxxxxxxx>
I am also (pleasantly) surprised by the recent amount of net.data
conversations. I have used it for more than 5 years and, like Joe,
appreciate the relative safety provided by the fact that nobody outside of the 400 world has ever heard of it. (Lots of people inside have never
heard of it either, but that's a different story.) However, I started
using PHP instead of net.data a few years ago, mostly out of the feat that I would wake up one day to find version 7.x (or 8.x) no longer supports
it. I have come to appreciate a lot of the stuff that PHP provides that
net.data does not - support for JSON, for example - and have alleviated a lot of my "hackers who are smarter than I am will destroy my system if I
put PHP on it" fear by still using a lot of RPG. I limit direct SQL
calls as much as reasonably possible, using RPG to do all file updating
and maybe 90% of my data retrieval to the web. It's pretty hard for
someone to do SQL injection when it is a parm passed to RPG which is turned into good ole' CHAINs, and READE's.
Larry Kleinman
Kleinman Associates, Inc.
212-949-6469
From: "Joe W Holt" <joe.holt@xxxxxxxxxxx>
To: web400@xxxxxxxxxxxx,
Date: 10/24/2014 01:23 PM
Subject: [WEB400] Net.Data and session management
Sent by: "WEB400" <web400-bounces@xxxxxxxxxxxx>
I've noticed an uptick of Net.Data users posting so I wanted to push out a question. Back when I adopted Net.Data (when it first came out) I developed with it as mainly an interface to maintain session management using persistence and calling rpg programs. Well with the passage of time persistence is frowned upon even more so today. It is way too easy to create an error forcing the persistence to bomb out and eject the user data. I'm quickly writing the replacement application and am being pushed by relevance of technology to use other tools such as php. Not a big proponent of using php on my box. I prefer CGIDEV2 and such tools that are relatively unknown outside of the 400 circles so that they aren't readily high profile attack options. As I examine my apache logs I see countless times the efforts being made in the public to take advantage of known attacks these other platforms have fallen prey.
Anyone else adopt some session management styles with Net.Data that would be nice to implement? I've started using CGIDEV2 and userspaces with cookies but it isn't a very clean approach due to my own haste and am rethinking my options. I'm either going to have to adopt another tool like php, clean up the CGIDEV2 process, or use Net.Data with??? Any thoughts would be great. I'm not with great confidence that Net.Data will survive as an available product as technology continues to change. I was very surprised (and relieved) to have it on 7.1.
***
Regards,
Joe W Holt
Sr Programmer/Developer
Jack Onofrio Dog Shows, LLC
405.427.8181
For More Than 80 Years—Delivering Solutions That Exceed Expectations.
This communication and any transmitted documents are intended to be confidential. If there is a problem with this transmission, please contact the sender. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.