Securing user-defined functions
If a study contains a user-defined function that performs a task such as reading from or writing to a file, accessing the database or the registry, making web service calls, running an external application, sending an email, or using the event log directly, the assembly for the user-defined function must be signed with a strong named signature that is valid and trusted in order for the function to work in the InForm application.
To ensure that the user-defined functions and assemblies in your study projects and library projects are secure, Oracle recommends that you sign user-defined function assemblies using a strong named, valid and trusted signature. You must create a key pair, extract the public key, and place the key file:
- On the Central Designer application server. If you are using the Central Designer application in a web farm environment, place the key on all the application servers in the web farm.
- On all the InForm application servers where studies using the assembly will be deployed.
Note: For InForm studies hosted by Oracle, all user-defined function assemblies that require signing must be signed by Oracle Services prior to deployment.
For more information, see Signing user-defined function assemblies.
In addition, user-defined functions that use the Log4Net application must use the latest version of Log4Net or the Central Designer Log4Net wrapper. The Log4Net wrapper allows untrusted custom functions to use Log4Net logging, and shields users from future Log4Net upgrades. In addition, the wrapper elevates permissions so that the following loggers can run properly:
- Console
- ADO.NET
- EventLog
The wrapper is available in the Oracle.Designer.ExternalFunctions.dll assembly, and contains the following classes and interface:
- PhaseForward.Designer.Shared.Functions.Log4Net.LogManager
- PhaseForward.Designer.Shared.Functions.Log4Net.Log
- PhaseForward.Designer.Shared.Functions.Log4Net.ILog
The methods provided in the classes and interface match those in the Log4Net documentation.