I'm trying to understand security for a PowerServer deployment when used to deploy a traditional PowerBuilder (classic) application.
Is there good documentation that I could read, and could be shown to security architects?
In particular, I'm having difficulty in being able to answer questions like these:
- Could a malicious system user (an internal user that is permitted to use parts of the system) get access to server-side methods in any way?
- What security/protection is there on server-side methods to restrict them to appropriate user roles?
At the moment, the application is deployed to Citrix, and the client interface restricts access to the available menus and buttons.
The security architects are very nervous about direct database connections, and quite nervous about any access to data that is vulnerable to determined attacks.