HPCC-14356 Edits based upon review

Signed-off-by: Jim DeFabia <jamesdefabia@lexisnexis.com>
hpcc-systems · Apr 14, 2016 · 53c8d61 · 53c8d61
1 parent 2031e54
commit 53c8d61
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 13 deletions.
diff --git a/docs/ECLLanguageReference/ECLR_mods/ExtrSvcs-ExternalServicesImpl.xml b/docs/ECLLanguageReference/ECLR_mods/ExtrSvcs-ExternalServicesImpl.xml
@@ -30,6 +30,10 @@
 
   <programlisting>Extern "C" _declspec(dllexport) unsigned _cdecl Countchars(const unsigned len, const char *string)</programlisting>
 
+  <para><emphasis role="bold">Note</emphasis>: The use of an external SERVICE
+  may be restricted to signed modules. See Code Signing in the ECL
+  Programmer's Guide.</para>
+
   <sect2 id="DLL_Initialization">
     <title>.SO Initialization</title>
 

diff --git a/docs/ECLProgrammersGuide/PRG_Mods/CodeSign.xml b/docs/ECLProgrammersGuide/PRG_Mods/CodeSign.xml
@@ -7,9 +7,9 @@
 
   <para>Versions of HPCC Systems<superscript>®</superscript> platform prior to
   6.0.0 have always allowed some control over which operations were permitted
-  in ECL code. This was done, primarily, as a way to ensure that operations
-  like PIPE or embedded C++ could not be used to circumvent access controls on
-  files by reading them directly from the operating system.</para>
+  in ECL code. This was done, among other reasons, as a way to ensure that
+  operations like PIPE or embedded C++ could not be used to circumvent access
+  controls on files by reading them directly from the operating system.</para>
 
   <para>Version 6.0.0 (and above) has two features to provide more flexibility
   over the control of these operations.</para>
@@ -24,7 +24,7 @@
 
     <listitem>
       <para>You can configure the access rights (which control the ability to
-      use PIPE, embed C++, or declare a SERVICE as FOLDable) to be dependent
+      use PIPE, embed C++, or restrict the use of a SERVICE) to be dependent
       on the code being signed. This means that we can provide signed code in
       the ECL Standard Library that makes use of these features, without
       opening them up for anyone to call anything.</para>
@@ -70,6 +70,10 @@
         </tgroup>
       </informaltable></para>
 
+    <para>Note: Parts of the Standard Library may not function if the use of
+    C++ and external definitions is denied. In general, <emphasis
+    role="bold">allowsigned</emphasis> is preferred. </para>
+
     <para><emphasis role="bold">Cluster</emphasis></para>
 
     <para>Specify the cluster for which this rule applies.</para>
@@ -98,16 +102,10 @@
             command.</entry>
           </row>
 
-          <row>
-            <entry><emphasis>foldextern</emphasis></entry>
-
-            <entry>Allow/Deny SERVICE functions using FOLD</entry>
-          </row>
-
           <row>
             <entry><emphasis>extern</emphasis></entry>
 
-            <entry>Allow/Deny an external function</entry>
+            <entry>Allow/Deny an external function (SERVICE)</entry>
           </row>
         </tbody>
       </tgroup>
@@ -133,8 +131,9 @@
     plug-ins and included the public key in the HPCC platform installation.
     Code that tries to use service definitions that are signed will continue
     to work as before but, code that tries to call arbitrary library functions
-    using user-supplied SERVICE definitions will give compile errors, if
-    signing has not been used.</para>
+    using user-supplied SERVICE definitions will give compile errors, if the
+    code is unsigned, and the extern setting (see above) is set to deny or
+    allowsigned.</para>
 
     <para>System administrators can install additional keys on the ECLCC
     Server machine, so if you want to use your own service definitions, they