Trusted / Untrusted concept

With the introduction of trusted functions, the LN infrastructure can restrict the extensions to break the general rules for cloud readiness.

Other software added by customers to the LN environment, such as Exchange scripts can also be restricted. Extensions are only allowed to call trusted functions. This applies to the 3GL and 4GL functions of LN’s programming language, which are described in the Infor ES Programmers Guide (Infor Customer Portal KB2924522). It also applies to application functions in DLLs, which can be called by the extensions to retrieve and store data with LN’s application logic.

These functions are untrusted, and cannot be used within extensions:

  • Functions that can harm the infrastructure if they are used in the incorrect way.

    Example: run.prog()

  • Functions that reveal information about the infrastructure.

    Example: hostname$()

  • Functions that are deprecated.

    Example: cf$()

  • Functions that may disturb the flow of the standard application.

    Example: dal.get.error.message()

  • Functions that may use standard components and the interface of the standard components may break.

    Those functions are “conditionally trusted”, which means that they are allowed to be called, but not for standard components. Example: wait.and.activate()

    wait.and.activate() can be called for an own session in the tx-package, but not for a standard session.

    This also applies to the Application Function Server (stpapi.* functions). You can use AFS to start own sessions in the tx-package, but you cannot run standard LN sessions through AFS.

Functions in LN Application DLLs, even if declared as extern, are untrusted by default. A new specific trusted layer is available with functions that can be used by extensions. The trusted LN Application functions are called “Public Interfaces”.

For a coding example and the procedure how to request a new Public Interface, see the Infor LN Public Interfaces & Process Extensions Reference Guide (Infor Customer Portal KB2003722).

During compilation of an extension script or any other script in the Extensions (tx) package, messages are raised when untrusted functions are called.

This diagram shows the different layers with trusted and untrusted functions:

tr_diagram_trust_func

The explanation of the numbers:

  1. An extension can call trusted functions in the LN Runtime layer, bshell functions, that are documented as trusted in the Infor ES Programmers Guide (Infor Customer Portal KB2924522).
  2. The extension can also call a trusted function in the LN Tools layer; those are also documented as trusted in the Infor ES Programmers Guide (Infor Customer Portal KB2924522).
  3. The extension can call trusted functions (Public Interfaces) in the application layer, that are documented in the help pages of LN Studio and the Extension Modeler.

    See the Infor LN Public Interfaces & Process Extensions Reference Guide (Infor Customer Portal KB2003722)

  4. Untrusted standard functions cannot be called from the extensions. All functions in the extensions are untrusted, but those can be called by the extension itself.
  5. With the standard software, the distinction between trusted and untrusted is not considered.