OpenEdge Release 12 introduces some security changes that may require you to upgrade your ABL applications, depending on the specific OpenEdge features that your ABL applications use.

ABL callbacks

If the OpenEdge security domain configuration in your OpenEdge Database employs ABL callbacks, you must update the domain configuration by re-registering the new version 12 compiled module. Use the database Data Administration tool to register the version 12 module in the Authentication System dialog box.

Security domain and system tables loaded from dump file

If your product’s database installation loads the OpenEdge domain and system tables from a dump (.d) file, you will need to migrate your dump file for use in creating a version 12 database. To perform this migration, you must define your product’s default OpenEdge domain and system tables in a version 12 database, and then use the Data Administration utility to create a new dump file.

Additional changes that may be needed to application code

You might also need to update your ABL application code in the following cases:

  • If you use an oech1:: encoded OpenEdge domain access-code in the CLIENT-PRINCIPAL:SEAL() method, you must update the code to pass a clear-text value as the method parameter.
  • If you use the AUDIT-POLICY:ENCRYPT-AUDIT-MAC-KEY() method to manage OpenEdge domain access codes in your database, you must replace this method with the SECURITY-POLICY:ENCODE-DOMAIN-ACCESS-CODE() method.
  • If you use the RCODE-INFO:MD5-VALUE attribute, you must replace it with the RCODE-INFO:SIGNATURE-VALUE attribute. Note that the size of the return value increases from 16 bytes of storage to 32 bytes.
  • If you use object serialization between ABL clients and application servers, you must migrate both clients and server to version 12.
  • If you use ABL object serialization to persistent storage, like a file system or database, you must recreate the object data in the persistent storage because the storage format is incompatible between OpenEdge versions 11 and 12. To assist with upgrades, use the ALLOW-PREV-DESERIALIZATION on the SECURITY-POLICY system handle, available in version 12, to enable the ability to read storage data generated in version 11.

    For more information on deserialization, see ALLOW-PREV-DESERIALIZATION attribute.