1. Rules Reference Guide
  2. Functions
  3. About user-defined functions
  4. Securing user-defined functions

Securing user-defined functions

If a study contains a user-defined function that performs a task such as reading from or writing to a file, accessing the database or the registry, making web service calls, running an external application, sending an email, or using the event log directly, the assembly for the user-defined function must be signed with a strong named signature that is valid and trusted in order for the function to work in the Oracle Health Sciences InForm application.

To ensure that the user-defined functions and assemblies in your study projects and library projects are secure, Oracle recommends that you sign user-defined function assemblies using a strong named, valid and trusted signature. You must create a key pair, extract the public key, and place the key file:

  • On the Oracle Health Sciences Central Designer application server. If you are using the Oracle Health Sciences Central Designer application in a web farm environment, place the key on all the application servers in the web farm.
  • On all the Oracle Health Sciences InForm application servers where studies using the assembly will be deployed.

Note:

For Oracle Health Sciences InForm studies hosted by Oracle, all user-defined function assemblies that require signing must be signed by Oracle Services prior to deployment.

For more information, see Signing user-defined function assemblies.

In addition, user-defined functions that use the Log4Net application must use the latest version of Log4Net or theOracle Health Sciences Central Designer Log4Net wrapper. The Log4Net wrapper allows untrusted custom functions to use Log4Net logging, and shields users from future Log4Net upgrades. In addition, the wrapper elevates permissions so that the following loggers can run properly:

  • Console
  • ADO.NET
  • EventLog

The wrapper is available in the Oracle.Designer.ExternalFunctions.dll assembly, and contains the following classes and interface:

  • PhaseForward.Designer.Shared.Functions.Log4Net.LogManager
  • PhaseForward.Designer.Shared.Functions.Log4Net.Log
  • PhaseForward.Designer.Shared.Functions.Log4Net.ILog

The methods provided in the classes and interface match those in the Log4Net documentation.

Parent topic: About user-defined functions