Net.Data Configuration Variables

Net.Data provides several configuration variables that can be used to limit the activities of end users or conceal the design of your database.

Control file access with path statements
Net.Data evaluates the settings of path configuration statements to determine the location of files and executable programs that are used by Net.Data macros. These path statements identify one or more directories that Net.Data searches when attempting to locate macros, executable files, include files, or other flat files. By selectively including directories on these path statements, you can explicitly control the files that are accessible by users at browsers. Refer to Configuring Net.Data for additional detail about path statements.

You should also use authorization checking as described in Using Authorization and verify that file names cannot be changed in INCLUDE statements as described in Macro Development Techniques.

Disable SHOWSQL for production systems
The SHOWSQL variable allows the user to specify that Net.Data displays the SQL statements specified within Net.Data functions at a Web browser. This variable is used primarily for developing and testing the SQL within an application and is not intended for use in production systems.

You can disable the display of SQL statements in production environments using one of the following methods:

See SHOWSQL in the variables chapter of Net.Data Reference for syntax and examples for the SHOWSQL Net.Data variable.

Consider whether it is appropriate to enable direct request for production environments
The direct request method of invoking Net.Data allows a user to specify the execution of an SQL statement or Perl, REXX, or C program directly from a URL. The macro request method allows users to execute only those SQL statements and functions defined or called in a macro.

You should carefully consider whether to allow the use of direct request because it might give your users the ability to execute a very broad set of functions. When enabling this method of invocation, ensure that user ID under which the Net.Data request is processed has the appropriate level of authorization.

You can use the DTW_DIRECT_REQUEST configuration variable to disable direct request. See DTW_DIRECT_REQUEST: Enable Direct Request Variable for syntax and additional information.


[ Top of Page | Previous Page | Next Page | Index ]