This article discusses Recital database security: from operating system file permissions through file and field protection to DES3 encryption.
Overview
A company's data is extremely valuable and must be protected, both in operation and in physical file format. Recital products provide a range of ways to protect your data.
Operating System File Permissions
The most basic level of database security is provided by the operating system. Recital database tables and indexes are individual files with their own respective operating system file permissions. Read permission is required to open a table and write permission to update a table. If a user does not have read permission they are denied access. Without write permission, a table will be opened read-only.
Here the owner, root, and members of the recital group have write permission, so can update the example table unless additional protection applies. Other users can only open the example table read-only.
# ls -l example* -rwxrwxr-x 1 root recital 147 Nov 29 14:27 example.dbd -rwxrwxr-x 1 root recital 41580 Nov 29 14:27 example.dbf -rwxrwxr-x 1 root recital 13312 Nov 29 14:28 example.dbt -rwxrwxr-x 1 root recital 19456 Nov 29 14:28 example.dbx
Note: As in the example above, a table's associated files should have the same permissions as the table itself:
|
File Extension |
File Type |
|
.dbd |
Dictionary |
|
.dbf |
Table |
|
.dbt |
Memo |
|
.dbx |
Index |
Database Dictionary
Each Recital table may have a Database Dictionary. The Dictionary can be used both to protect the integrity of the data and to protect access to the data. This section covers Column Constraints, Triggers, Security and Protection.
Column Constraints: Data Integrity
The Dictionary attributes or constraints either prevent the entry of incorrect data, e.g. must_enter and validation or aid the entry of correct data, e.g. default, picture and choicelist. The Dictionary can be modified in the character mode CREATE/MODIFY STRUCTURE worksurface, via SQL statements, or in the Recital Enterprise Studio Database Administrator.
Click image to display full size
Fig 1: MODIFY STRUCTURE Worksurface: Dictionary.
The SQL Column Constraints are as follows:
|
Constraint |
Description |
|
AUTO_INCREMENT | AUTOINC |
Used to auto increment the value of a column. |
|
CALCULATED |
Used to calculate the value of a column. |
|
CHECK | SET CHECK |
Used to validate a change to the value of a column. |
|
DEFAULT |
Used to set a default value for the specified column. |
|
DESCRIPTION |
Used set the column description for the specified column. |
|
ERROR |
Used to define an error message to be displayed when a validation check fails. |
|
FOREIGN KEY |
Used to define a column as a Foreign Key for a parent table. |
|
NOCPTRANS |
Used to prevent code page translation for character and memo fields. |
|
NOT NULL | NULL |
Used to disallow/allow NULL values. |
|
PRIMARY KEY |
Used to define a table’s Primary Key. |
|
RANGE |
Used to specify minimum and maximum values for a date or numerical column. |
|
RECALCULATE |
Used to force recalculation of calculated columns when a column’s value changes. |
|
REFERENCES |
Used to create a relationship to an index key of another table. |
|
UNIQUE |
Used to define the column as a candidate index for the table |
These can be specified in CREATE TABLE or ALTER TABLE statements:
exec sql OPEN DATABASE southwind; exec sql ALTER TABLE customers ADD COLUMN timeref char(8) CHECK validtime(timeref) ERROR "Not a valid time string";
Click image to display full size
Fig 2: Database Administrator: Column Constraints and Attributes.
TRIGGERS
Table Level Triggers are event-driven procedures called before an I/O operation. These can be used to introduce another layer of checks before a particular operation is permitted to take place or to simply set up logging of those operations.
The CREATE/MODIFY STRUCTURE worksurface <TRIGGERS> menu bar option allows you to specify table level triggers. You may edit a trigger procedure from within the <TRIGGERS> menu by placing the cursor next to the procedure name and pressing the [HELP] key. A text window pops up for editing. If the table triggers are stored in separate <.prg> files, rather than in a procedure library, procedures need not be predefined (SET PROCEDURE) before using the table.
Click image to display full size
Fig 3: MODIFY STRUCTURE Worksurface: Triggers.
The following triggers can be selected and associated with a specified procedure name in the <TRIGGERS> menu.
|
Trigger |
Description |
|
UPDATE |
The specified procedure is called prior to an update operation on the table. If the procedure returns .F., then the UPDATE is canceled. |
|
DELETE |
The specified procedure is called prior to a delete operation on the table. If the procedure returns .F., then the DELETE is canceled. |
|
APPEND |
The specified procedure is called prior to an append operation on the table. If the procedure returns .F., then the APPEND is canceled. |
|
OPEN |
The specified procedure is called after an open operation on the table. |
|
CLOSE |
The specified procedure is called prior to a close operation on the table. |
|
ROLLBACK |
The specified procedure is called when a user presses the [ABANDON] key in a forms based operation. |
The Recital Enterprise Studio Database Administrator also allows you to associate existing programs as Table Trigger Procedures.
Click image to display full size
Fig 4: Database Administrator: Triggers.
Programmatically, Trigger Procedures can also be associated with a table using SQL. The following table constraints may be applied in the SQL CREATE TABLE and ALTER TABLE statements:
|
Trigger |
Description |
|
ONUPDATE |
The specified procedure is called prior to an update operation
on the table. If the procedure returns .F., then the UPDATE
is canceled. |
|
ONDELETE |
The specified procedure is called prior to a delete operation
on the table. If the procedure returns .F., then the DELETE
is canceled. |
|
ONINSERT |
The specified procedure is called prior to an insert operation
on the table. If the procedure returns .F., then the INSERT
is canceled. |
|
ONOPEN |
The specified procedure is called after an open operation
on the table. |
|
ONCLOSE |
The specified procedure is called prior to a close operation
on the table. |
|
ONROLLBACK |
The specified procedure is called when a user presses the
[ABANDON] key in a forms based operation. |
SECURITY
As mentioned above, all Recital files are subject to Operating System read and write permissions. These permissions can be further refined, while still using the Operating System user and group IDs, in the Security and Protection sections of the Dictionary. The Security section handles table based operations and the Protection section focuses on individual fields.
Security and Protection rules can be defined in the CREATE/MODIFY STRUCTURE worksurface of Recital Terminal Developer, via the SQL GRANT and REVOKE statements or in the Recital Enterprise Studio Database Administrator.
Click image to display full size
Fig 5: MODIFY STRUCTURE Worksurface: Security.
The Security section has table operations for which Access Control Strings can be specified. An Access Control String (ACS) is a range of valid user identification codes, and is used to restrict table operations to certain individuals or groups. Each user on the system is allocated a group number and a user number. The user identification code is the combination of group and user numbers. When constructing an Access Control String of linked user identification codes, wild card characters may be used.
|
Example ACS |
Description |
|
[1,2] |
In group 1, user 2 |
|
[100,*] |
In group 100, all users |
|
[2-7,*] |
In groups 2-7, all users |
|
[*,100-200] |
In all groups, users 100-200 |
|
[1,*]&[2-7,1-7] |
In group 1, all users, in groups 2-7, users 1-7 |
Please note that the maximum ACS length is 254 characters. OpenVMS group and user numbers are stored and specified in octal. On other Operating Systems, group and user numbers are stored and specified in decimal.
Access Control Strings may be associated with the following operations:
|
Operation |
Description |
|
READONLY |
Users specified in the ACS have read-only access to the table. All other users have update access. |
|
UPDATE |
Users specified in the ACS have update access to the table. All other users are restricted to read-only access. |
|
APPEND |
Users specified in the ACS can append records into the table. No other users can append. |
|
DELETE |
Users specified in the ACS can delete records from the table. No other users can delete. |
|
COPY |
Users specified in the ACS can copy records from the table. No other users can copy. |
|
ADMIN |
Users specified in the ACS can use the following commands: |
The corresponding SQL privileges are:
|
Operation |
Description |
|
SELECT |
Users specified in the ACS may name any column in a SELECT statement. All other users have update access. |
|
UPDATE |
Users specified in the ACS may name any column in an UPDATE statement. All other users are restricted to read-only access. |
|
INSERT |
Users specified in the ACS can INSERT rows into the table. No other users can INSERT. |
|
DELETE |
Users specified in the ACS can DELETE rows from the table. No other users can DELETE. |
|
ALTER |
Users specified in the ACS can use the ALTER TABLE statement on this table. |
|
READONLY |
Users specified in the ACS may read any column in a SELECT statement. All other users have update access. |
// Grant insert privilege for the customer table exec sql OPEN DATABASE southwind; exec sql GRANT UPDATE (lastname, firstname) INSERT ON customers TO '[20,100]'; // Grant all privileges to all users exec sql OPEN DATABASE southwind; exec sql GRANT ALL ON shippers TO PUBLIC;
PROTECTION
Security and Protection rules can be defined in the CREATE/MODIFY STRUCTURE worksurface of Recital Terminal Developer, via the SQL GRANT and REVOKE statements or in the Recital Enterprise Studio Database Administrator.
Click image to display full size
Fig 6: Database Administrator: Protection.
The format of the ACS is the same as in <SECURITY> above.
The following protection can be defined:
|
Operation |
Description |
|
READONLY |
Users specified in the ACS have read-only access to the field. All other users have update access. |
|
UPDATE |
Users specified in the ACS have update access to the field. All other users are restricted to read-only access. |
Recital Terminal Developer also has 'HIDDEN' Protection:
|
Operation |
Description |
|
HIDDEN |
Users specified in the ACS see the 'hiddenfield'character rather than the data in the field. All other users see the data. |
Hidden fields can be accessed and viewed on a work surface, but the field contains the hiddenfield character, ‘?’. If the field is referenced in an expression, it will contain the following: blanks for character fields, ‘F’ for logical fields, 00/00/0000 for date fields and blank for memo fields.
The corresponding SQL privileges are:
|
Operation |
Description |
|
SELECT |
Users specified in the ACS may name the column in a SELECT statement. All other users have update access. |
|
UPDATE |
Users specified in the ACS may name the column in an UPDATE statement. All other users are restricted to read-only access. |
|
READONLY |
Users specified in the ACS may read the column in a SELECT statement. All other users have update access. |
// Grant update privilege for columns lastname and firstname from the customer table exec sql OPEN DATABASE southwind; exec sql GRANT UPDATE (lastname, firstname) customers TO '[20,100]';
Encryption
From Recital 8.5 onwards, Recital installations that have the additional DES3 license option have the ability to encrypt the data held in Recital database tables. Once a database table has been encrypted, the data cannot be accessed unless the correct three-part encryption key is specified, providing additional security for sensitive data.
ENCRYPT
The ENCRYPT Recital 4GL command is used to encrypt the data in the specified table or tables matching a skeleton. If the skeleton syntax is used, then all matching tables will be given the same encryption key. The encryption key is a three part comma-separated key and may optionally be enclosed in angled brackets. Each part of the key can be a maximum of 8 characters. The key is DES3 encrypted and stored in a .dkf file with the same basename as the table. After encryption, the three parts of the key must be specified correctly before the table can be accessed.
// Encrypt individual tables encrypt customers key "key_1,key_2,key_3" encrypt employees key "<key_1,key_2,key_3>" // Encrypt all .dbf files in the directory encrypt *.dbf key "key_1,key_2,key_3"
SET ENCRYPTION
If a database table is encrypted, the correct three-part encryption key must be specified before the table's data or structure can be accessed. The SET ENCRYPTION TO set command can be used to specify a default encryption key to be used whenever an encrypted table is accessed without the key being specified. The encryption key is a three part comma-separated key.
If the command to access the table includes the key, either by appending it to the table filename specification or using an explicit clause, this will take precedence over the key defined by SET ENCRYPTION TO.
Issuing SET ENCRYPTION TO without a key causes any previous setting to be cleared. The key must then be specified for each individual encrypted table.
The default key defined by SET ENCRYPTION is only active when SET ENCRYPTION is ON. SET ENCRYPTION OFF can be used to temporarily disable the default key. The SET ENCRYPTION ON | OFF setting does not change the default key itself. SET ENCRYPTION is ON by default.
// Encrypt individual tables encrypt customers key "key_1,key_2,key_3" encrypt shippers key "key_2,key_3,key_4" // Specify a default encryption key set encryption to "key_1,key_2,key_3" // Open customers table using the default encryption key use customers // Specify shippers table's encryption key use shippers<key_2,key_3,key_4> // Disable the default encryption key set encryption to // Specify the individual encryption keys use customers encryption "key_1,key_2,key_3" use shippers<key_2,key_3,key_4>
DECRYPT
The DECRYPT command is used to decrypt the data in the specified table or tables matching a skeleton. The specified key must contain the three part comma-separated key used to previously encrypt the table and may optionally be enclosed in angled brackets. The skeleton syntax can only be used if all tables matching the skeletonhave the same key.
The DECRYPT command decrypts the data and removes the table’s .dkf file. After decryption, the key need no longer be specified to gain access to the table.
// Decrypt individual tables decrypt customers key "key_1,key_2,key_3" decrypt employees key "<key_1,key_2,key_3>" // Decrypt all .dbf files in the directory decrypt *.dbf key "key_1,key_2,key_3"
All of the following commands are affected when a table is encrypted:
- APPEND FROM
- COPY FILE
- COPY STRUCTURE
- COPY TO
- DIR
- USE
- SQL INSERT
- SQL SELECT
- SQL UPDATE
APPEND FROM
Used to append records to the active table from another table.// The key must be specified for an encrypted source table
use mycustomers append from customers encryption "key_1,key_2,key_3"; for country = "UK"
COPY FILE
Used to copy a file.// The key file must also be copied for an encrypted source table // as the target table will be encrypted
encrypt customers key "key_1,key_2,key_3" copy file customers.dbf to newcustomers.dbf copy file customers.dkf to newcustomers.dkf use newcustomers encryption "key_1,key_2,key_3"
COPY STRUCTURE
Used to copy a table's structure to a new table.// The key file is automatically copied for an encrypted source table // and the target table encrypted
encrypt customers key "key_1,key_2,key_3"
use customers encryption "key_1,key_2,key_3" copy structure to blankcust use blankcust encryption "key_1,key_2,key_3"
COPY TO
Used to copy a table.// By default, the key file is automatically copied for an encrypted // source table and the target table encrypted with the same key encrypt customers key "key_1,key_2,key_3" use customers encryption "key_1,key_2,key_3" copy to newcustomers use newcustomers encryption "key_1,key_2,key_3" // You can also create a copy with a different key encrypt customers key "key_1,key_2,key_3" use customers encryption "key_1,key_2,key_3" copy to newcustomers encrypt "newkey_1,newkey_2,newkey_3" use newcustomers encryption "newkey_1,newkey_2,newkey_3" // Or create a decrypted copy encrypt customers key "key_1,key_2,key_3" use customers encryption "key_1,key_2,key_3" copy to newcustomers decrypt use newcustomers // You can also create an encrypted copy of a non-encrypted source table use orders copy to encorders encrypt "newkey_1,newkey_2,newkey_3" use encorders encryption "newkey_1,newkey_2,newkey_3"
DIR
Used to display a directory listing of tables.// Encrypted tables are flagged as such with (DES3) > open database southwind > dir
Current database: southwind Tables # Records Last Update Size Dictionary Triggers Security categories.dbf 8 01/10/06 24576 None None None cisamdemo.dbf ---> CISAM/Bridge [cisamdemo] customers.dbf (DES3) 91 05/12/04 49600 None None None employees.dbf 9 05/12/04 25520 None None None example.dbf (DES3) 100 12/24/05 38080 Yes Yes None order_details.dbf 2155 05/12/04 296320 None None None orders.dbf 829 05/12/04 232704 None None None products.dbf 77 05/12/04 37112 None None None productsbyname.dbf 77 05/12/04 29104 None None None shippers.dbf (DES3) 3 05/12/04 20864 None None None suppliers.dbf 29 12/08/05 29992 Yes None None 0.765 MB in 11 files. 1.093 GB remaining on drive.
USE
Used to open a table.// The three part key must be specified to open an // encrypted table. All of the following are valid. // 1. Specifying a default encryption key before opening the table set encryption to "key_1,key_2,key_3" use customers // 2. Appending the key to the filename use customers<key_1,key_2,key_3> // 3. Using the ENCRYPTION clause, optionally specifying angled brackets use customers encryption "key_1,key_2,key_3" use customers encryption "<key_1,key_2,key_3>"
SQL INSERT
Used to add a row to a table via SQL.// The three part key can be specified using a
// default encryption key before opening the table
exec sql
OPEN DATABASE southwind;
exec sql
SET ENCRYPTION TO "key_1,key_2,key_3";
exec sql
INSERT INTO customers
(customerid, companyname)
VALUES
('RECIT','Recital Corporation');
// Or by appending the key to the filename
exec sql
OPEN DATABASE southwind;
exec sql
INSERT INTO customers<key_1,key_2,key_3>
(customerid, companyname)
VALUES
('RECIT','Recital Corporation');
SQL SELECT
Used to return data from a table via SQL.// The three part key can be specified using a // default encryption key before opening the table exec sql OPEN DATABASE southwind; exec sql SET ENCRYPTION TO "key_1,key_2,key_3"; exec sql SELECT * FROM customers; // Or by appending the key to the filename exec sql OPEN DATABASE southwind; exec sql SELECT * FROM customers<key_1,key_2,key_3>;
SQL UPDATE
Used to update data in a table via SQL.// The three part key can be specified using a // default encryption key before opening the table exec sql OPEN DATABASE southwind; exec sql SET ENCRYPTION TO "key_1,key_2,key_3"; exec sql UPDATE customers SET companyname='Recital Corporation Inc.' WHERE customerid='RECIT'; // Or by appending the key to the filename exec sql OPEN DATABASE southwind; exec sql UPDATE customers<key_1,key_2,key_3> SET companyname='Recital Corporation Inc.' WHERE customerid='RECIT';
Summary
Recital offers a range of ways to keep your data secure. These start with the Operating System read/write permissions, which can be further refined to the level of table I/O operations and then field access in the Dictionary based Security and Protection rules. The Dictionary also provides the means to protect the integrity of the data via data validation and to assist in correct data entry through the use of choicelists, help messages and picture clauses etc. A further role of the Dictionary is in the provision of Table Triggers, which can be used to enable a programmatic response to table operations to add in additional checks or audit trails. For the most sensitive data, DES3 encryption is the ultimate protection: encrypting the physical data on the disk and only permitting table access on the production of the three part encryption key.
# recital < mrprog.prgIndividual commands can be executed in shell scripts.
# recital < myprog.prg > myoutput.txt
# recital > myoutput.txt <<END
use customers
list structure
END
# echo "select * from sales!customers where overdue" | recital | wc -l
# recital -c "create database sales"Expressions can be evaluated and used in shell scripts.
# recital -c "create table sales!invoices (id int, name char(25), due date)"
# VER=`recital -e "version(1)"`You can view what command line options are available by typing:
# recital --help
DRBD:
DRBD (Distributed Replicated Block Device) forms the storage redundancy portition of a HA cluster setup. Explained in basic terms DRBD provides a means of achieving RAID 1 behavoir over a network, where whole block devices are mirrored accross the network.
To start off you will need 2 indentically sized raw drives or partitions. Many how-to's on the internet assume the use of whole drives, of course this will be better performance, but if you are simply getting familar with the technology you can repartition existing drives to allow for two eqaully sized raw partitions, one on each of the systems you will be using.
There are 3 DRBD replication modes:
• Protocol A: Write I/O is reported as completed as soon as it reached local disk and local TCP send buffer
• Protocol B: Write I/O is reported as completed as soon as it reached local disk and remote TCP buffer cache
• Protocol C: Write I/O is reported as completed as soon as it reached both local and remote disks.
If we were installing the HA cluster on a slow LAN or if the geogrphical seperation of the systems involved was great, then I recommend you opt for asyncronous mirroring (Protocol A) where the notifcation of a completed write operation occurs as soon as the local disk write is performed. This will greatly improve performance.
As we are setting up our HA cluster connected via a fast LAN, we will be using DRBD in fully syncronous mode, protocol C.
Protocol C involves the file system on the active node only being notified that the write operation was finished when the block is written to both disks of the cluster. Protocol C is the most commonly used mode of DRBD.
/etc/drbd.conf
global { usage-count yes; }
common { syncer { rate 10M; } }
resource r0 {
protocol C;
net {
max-buffers 2048;
ko-count 4;
}
on bailey {
device /dev/drbd0;
disk /dev/sda4;
address 192.168.1.125:7789;
meta-disk internal;
}
on giskard {
device /dev/drbd0;
disk /dev/sda3;
address 192.168.1.127:7789;
meta-disk internal;
}
}
drbd.conf explained:
Global section, usage-count. The DRBD project keeps statistics about the usage of DRBD versions. They do this by contacting a HTTP server each time a new DRBD version is installed on a system. This can be disabled by setting usage-count no;.
The common seciton contains configurations inhereted by all resources defined.
Setting the syncronisation rate, this is accoimplished by going to the syncer section and then assigning a value to the rate setting. The syncronisation rate refers to rate in which the data is being mirrored in the background. The best setting for the syncronsation rate is related to the speed of the network with which the DRBD systems are communicating on. 100Mbps ethernet supports around 12MBps, Giggabit ethernet somewhere around 125MBps.
in the configuration above, we have a resource defined as r0, the nodes are configured in the "on" host subsections.
"Device" configures the path of the logical block device that will be created by DRBD
"Disk" configures the block device that will be used to store the data.
"Address" configures the IP address and port number of the host that will hold this DRBD device.
"Meta-disk" configures the location where the metadata about the DRBD device will be stored.
You can set this to internal and DRBD will use the physical block device to store the information, by recording the metadata within the last sections of the disk.
Once you have created your configuration file, you must conduct the following steps on both the nodes.
Create device metadata.
$ drbdadm create-md r0
v08 Magic number not found
Writing meta data...
initialising activity log
NOT initialized bitmap
New drbd meta data block sucessfully created.
success
Attach the backing device.
$ drbdadm attach r0
Set the syncronisation parameters.
$ drbdadm syncer r0
Connect it to the peer.
$ drbdadm connect r0
Run the service.
$ service drbd start
Heartbeat:
Heartbeat provides the IP redundancy and the service HA functionailty.
On the failure of the primary node the VIP is assigned to the secondary node and the services configured to be HA are started on the secondary node.
Heartbeat configuration:
/etc/ha/ha.conf
## /etc/ha.d/ha.cf on node1
## This configuration is to be the same on both machines
## This example is made for version 2, comment out crm if using version 1
// replace the node variables with the names of your nodes.
crm no
keepalive 1
deadtime 5
warntime 3
initdead 20
bcast eth0
auto_failback yes
node bailey
node giskard
/etc/ha.d/authkeys
// The configuration below set authentication off, and encryption off for the authentication of nodes and their packets.
//Note make sure the authkeys file has the correct permisisions chmod 600
## /etc/ha.d/authkeys
auth 1
1 crc
/etc/ha.d/haresources
//192.168.1.40 is the VIP (Virtual IP) assigned to the cluster.
//the "smb" in the configuration line represents the service we wish to make HA
// /devdrbd0 represents the resource name you configured in the drbd.conf
## /etc/ha.d/haresources
## This configuration is to be the same on both nodes
bailey 192.168.1.40 drbddisk Filesystem::/dev/drbd0::/drbdData::ext3 smb
In this article Barry Mavin, CEO and Chief Software Architect for Recital, details how to work with Triggers in the Recital Database Server.
Overview
A trigger is a special kind of stored procedure that runs when you modify data in a specified table using one or more of the data modification operations: UPDATE, INSERT, or DELETE.
Triggers can query other tables and can include complex SQL statements. They are primarily useful for enforcing complex business rules or requirements. For example, you can control whether to allow a new order to be inserted based on a customer's current account status.
Triggers are also useful for enforcing referential and data integrity.
Triggers can be used with any data source that is handled natively by the Recital Database Engine. This includes Recital, FoxPro, FoxBASE, Clipper, dBase, CISAM, and RMS data,
Creating and Editing Triggers
To create a new Trigger, right-click the Procedures node in the Databases tree of the Project Explorer and choose Create. To modify an existing Trigger select the Trigger in the Databases Tree in the Project Explorer by double-clicking on it, or select Modify from the context menu. By convertion we recommend that you name your Stored Procedures beginning with "sp_xxx_", user-defined functions with "f_xxx_", and Triggers with "dt_xxx_", where xxx is the name of the table that they are associated with.
Associating Triggers with a Table
Once you have written your Triggers as detailed above you can associate them with the operations performed on a Table by selecting the Table tab.
The Tables tab allows you to select a Trigger procedure by clicking on the small button at the right of the Text field.
Types of Triggers
As can be seen from the Tables tab detailed below, The Recital Database Server handles 6 distinct types of Triggers.
Open Trigger
The Open Trigger is called after is a table is opened but before any operations are performed on it. You can use this trigger to record a log of table usage or provide a programmable means of checing security. If the Trigger procedure returns .F. (false), then the table is not opened. You can use a TRY...CATCH block around the associated command to inform the user.
Close Trigger
The Close Trigger is called just prior to a table being closed. In this trigger you may find it useful to get transaction counts by using the IOSTATS() built-in 4GL function, and record these values in a transaction log.
Update Trigger
The Update Trigger is called prior to a record update operation being performed. You can use this trigger to perform complex application or data specific validation. If the Trigger procedure returns .F. (false), then the record is not updated. You can use inform the user from within the Trigger procedure the reason that the data cannot be updated.
Delete Trigger
The Delete Trigger is called prior to a record delete operation being performed. You can use this trigger to perform complex application or data specific validation such as cross-table lookups e.g. attempting to delete a customer recortd when there are still open orders for that specific customer. If the Trigger procedure returns .F. (false), then the record is not deleted.
Insert Trigger
The Insert Trigger is called prior to a record insert (append) operation being performed. You can use this trigger to perform such tasks as setting up default values of columns within the record. If the Trigger procedure returns .F. (false), then the record is not inserted.
Rollback Trigger
The RollbackTrigger is called prior to a rollback operation being performed from within a form. If the Trigger procedure returns .F. (false), then the record is not rolled back to its original state.
Testing the Trigger
To test run the Trigger, select the Trigger in the Databases Tree in the Project Explorer by double-clicking on it. Once the Database Administrator is displayed, click the Run button to run the Trigger.
Yes, your FoxPlus and FoxPRO applications should run under Recital with little to no changes at all. We provide expert product support if you have any questions or problems. If you lack the resources to move your applications into Recital we can provide that service to you also if required.
In Adobe's own words:"Adobe® AIR® is a cross-operating system runtime that lets developers combine HTML, Ajax, Adobe Flash®, and Adobe Flex® technologies to deploy rich Internet applications (RIAs) on the desktop."
The outcome of this combination of technologies is that developers can design and render quite beautiful user interfaces cross platform. For us desktop Linux users it is nice to have
an additional avenue for obtaining and running attractive desktop applications.Examples of great Adobe air applications are Adobe.com for My Desktop, TweetDeck and the Times Reader. You can download these applications and many more at the Adobe Marketplace.
The easiest way to install Adobe Air on Fedora 12 is to download the latest build from Adobe, click here.
Once you have downloaded the .bin file do the following at the shell:
su - chmod +x AdobeAIRInstaller.bin ./AdobeAIRInstaller.binOnce you have Air installed, there is a slight tweak you will have to do to get it running on Fedora 12, it is related to the security certificates. This can be remedied in one simple line at the shell prompt as root.
su - for c in /etc/opt/Adobe/certificates/crypt/*.0; do aucm -n $(basename $c) -t true; doneWhat this line is doing is using the aucm which is the Adobe Unix certificate manager to set the certificates installed as trusted.
You will now be able to go to the Adobe Marketplace and download and run Air applications without any issues.
Enjoy!
When stress testing our loadbalancer, i was unable to get more than 20 reliable ssh connections. The following error would be reported.
ssh_exchange_identification: Connection closed by remote host
The resolution for this is quite simple.
Edit the /etc/ssh/sshd_config file and increase the MaxStartups. On my server i set this to 200.
Edit /etc/sysctrl.conf and add the following line:
net.core.netdev_max_backlog = 3000
Then apply this change:
# sysctl -p
FOREACH array_expression AS value
statements...
ENDFOR
FOREACH array_expression AS key => value
statements...
ENDFOR
The first form loops over the array given by array_expression. On each loop, the value of the current element is assigned to value and the internal array pointer is advanced by one (so on the next loop, you'll be looking at the next element). The second form does the same thing, except that the current element's key will be assigned to the variable key on each loop. This form works only on associative arrays and objects.