Monday May 29, 2017

      SteelArrow Basics
      SteelArrow Tags
  SteelArrow Functions
  SteelArrow Objects
  Advanced Topics
  WAS Overview
  Code Samples
  Site Search

Get SteelArrow!     
  Security Concerns    
SteelArrow has many levels of security built into its design. Security can be completely configured by the adminsitrator to ensure the uptmost level of secure system access.

The following tags are secure tags:

By default all tags use the GLOBAL user account. This account is the default account that is used to access all system resources. Upon installing SteelArrow, the administrator is prompted to decide which tags will be available to the GLOBAL user account. After SteelArrow is installed, the adminsitrator may use the SAConfig or supplied SteelArrow scripts to configure user accounts.

Each of the above listed tags can be associated with a username/password pair. When this is done, and the tag is not already available to the GLOBAL user, the USERCONTEXT tag must be used to gain access to the tag.

As an example, the READFILE tag may be disabled at the GLOBAL level, but may be required within an administration script for access to a data file. A user account has been setup as admin/123 that has access to the READFILE tag.

The following shows an example of this implementation:

<!--- Put this script into the admin context --->
   <!--- File accessed --->
   <SAREADFILE FILE="config.dat" NAME=cfgData>
<!--- End admin context --->

As well, tags such as READFILE, WRITEFILE and IMPORT will not allow absolute path names. Absolute path names can be accessed using the FILE tag. This gives the administrator full control over what resources can be accessed by a particular user, and allows the adminsitrator the ability to offer access to data files that the user should have access to without jeopardizing system integrity.

By only allowing relative path access to data files SteelArrow makes certain that only files within the script directory (or its sub-directories) can be accessed. As well, SteelArrow does not allow the use of '..' (parent directory) specifiers when these tags are used.

If there is a requirement to access resources ouside of the script directory as described above, a FUNCTION can be created in the system wide functions.aro file. By creating a function that does a specific task (ie. copying a file with the FILE tag) the administrrator can maintain complete security without limitting a user.

Note: The functions.aro file is read in when SteelArrow is started, and is only accessible to the system administrator. Within this file, functions can be defined as required, that are available to all users.


Another security feature includes support for username/password pairs to access ODBC datasources using the QUERY tag.


Copyright © 1998-2004 Tomahawk Technologies Inc.
Privacy Policy