PROPATH Control

[GregTomkins]

Let's say my WebSpeed has a PROPATH containing a bunch of programs, exactly one of which I want to be accessible directly (eg. from a browser client). All of the others should only be accessible from WebSpeed itself. What is the correct way of setting this up?

I am looking for something like this, but this is from the AppServer documentation and it's not clear to me how this would work for a WebSpeed server.

Controlling AppServer entry points
You can control AppServer entry points for an AppServer agent at run time using the EXPORT( ) method on the SESSION handle. AppServer entry points are the pathnames of procedures in the AppServer PROPATH that a client application can execute as remote procedures (persistently or non‑persistently). The EXPORT( ) method establishes entry points by allowing you to set and maintain an export list that contains the pathnames of authorized remote procedures. As such, this is a mechanism that you can use to enforce secure access to the AppServer.

 

[Stefan]

Look at the web-notify trigger in web-disp.p - you can lock down which sources can be run in there.

I am no longer sure if there is a standard mechanism for doing the above, we ship a modified version of that source. Downside (in the long long past) is that due to the impressive amount of shared crap, you can run into missing shared variable definitions when using a different version of Progress (last time that this was an issue was between 9.1A and 9.1B I believe).

 

[GregTomkins]

Thanks a lot for the reply. I see that file but not any documentation on progress.com; is it the case that web-disp.p runs in front of any request to WebSpeed, similar to how srvrActivateProc runs in front of any request to a 'regular' AppServer? From the doc it appears srvrActivateProc is not available for WebSpeed?

 

[Stefan]

It's in the WebSpeed manual, chapter 4 security.

While googling OpenEdge "web-notify" I also found a class dispatcher at https://code.google.com/p/oo-openedge-webspeed-runtime/