bc-code-intelligence-mcp

BC Code Intelligence MCP Server - Complete Specialist Bundle with AI-driven expert consultation, seamless handoffs, and context-preserving workflows

---
title: "AL Temporary Table Safety"
domain: "seth-security"
difficulty: "intermediate"
bc_versions: "14+"
tags: ["temporary-tables", "data-protection", "memory-management", "security"]
type: "improvement-pattern"
category: "security"
pattern_type: "good"
severity: "high"
impact_level: "high"
improvement_suggestion: "Implement secure temporary table handling to prevent data leakage and ensure proper cleanup"
implementation_steps: ["validate-data-scope", "implement-secure-cleanup", "test-isolation"]
validation_criteria: ["secure-data-handling", "proper-memory-cleanup"]
technical_areas: ["al-code", "data-management"]
samples: "samples/al-temporary-table-safety.md"
---

# AL Temporary Table Safety

## Overview

Temporary tables in AL provide in-memory data processing capabilities but require careful security considerations to prevent data leakage, unauthorized access, and memory management issues. Proper implementation ensures data protection while leveraging temporary table performance benefits.

**Key Principle**: Temporary tables must be properly scoped, cleared, and protected to prevent sensitive data exposure across user sessions or security contexts.

## Strategic Framework

### Data Isolation Requirements

- **Session Isolation**: Temporary tables must not leak data between user sessions
- **Permission Boundaries**: Temporary table data access respects underlying table permissions
- **Memory Cleanup**: Sensitive data in temporary tables requires explicit clearing
- **Scope Management**: Temporary tables should have minimal necessary lifetime

### Security Context Preservation

Temporary tables inherit security context from their source data but require additional protection when crossing procedure boundaries or user contexts.

### Data Protection Lifecycle

1. **Creation**: Secure initialization with appropriate permissions
2. **Population**: Controlled data access respecting source permissions
3. **Processing**: Secure manipulation within authorized scope
4. **Cleanup**: Explicit clearing of sensitive temporary data

## Architecture Focus

### Memory Security

- **Data Residue Prevention**: Explicitly clear temporary tables containing sensitive information
- **Scope Limitation**: Keep temporary table lifetime as short as possible
- **Access Control**: Implement proper access controls for temporary table procedures
- **Audit Considerations**: Log access to temporary tables containing sensitive data when required

### Permission Integration

Temporary tables don't automatically inherit all security restrictions of their source tables. Additional validation may be required for sensitive operations.

### Cross-Context Safety

When passing temporary tables between procedures or objects, ensure security context is properly maintained and validated.

## Best Practices

### Secure Initialization

- **Permission Validation**: Verify user permissions for underlying data before populating temporary tables
- **Data Filtering**: Apply appropriate filters based on user security context
- **Minimal Data**: Include only necessary fields and records in temporary tables
- **Clear Purpose**: Document temporary table purpose and expected data sensitivity

### Lifecycle Management

- **Explicit Clearing**: Clear temporary tables containing sensitive data after use
- **Scope Control**: Limit temporary table accessibility to minimum required procedures
- **Error Handling**: Ensure temporary table cleanup occurs even in error scenarios
- **Resource Management**: Monitor temporary table memory usage in high-volume scenarios

### Data Protection Patterns

- **Sensitive Data Identification**: Clearly identify and mark temporary tables containing sensitive information
- **Access Logging**: Log temporary table access for sensitive data when required for compliance
- **Encryption Consideration**: Consider additional protection for highly sensitive temporary data
- **Cleanup Verification**: Implement verification that sensitive temporary data is properly cleared

### Error Scenario Handling

- **Finally Blocks**: Use try-finally patterns to ensure cleanup in error scenarios
- **Exception Safety**: Maintain data protection even when exceptions occur
- **Rollback Procedures**: Implement proper rollback for partially processed temporary data
- **Recovery Mechanisms**: Design recovery procedures for temporary table corruption scenarios

## Anti-Patterns

### Avoid These Approaches

- **Persistent Temporary Data**: Failing to clear sensitive temporary table data after use
- **Permission Bypass**: Using temporary tables to circumvent normal data access controls
- **Cross-Session Leakage**: Temporary table data accessible across user sessions
- **Uncontrolled Scope**: Temporary tables accessible from unauthorized code contexts

Using temporary tables to access data that users shouldn't normally see violates security principles and may expose sensitive information inappropriately.

*Related patterns: al-data-isolation.md, al-memory-management.md*
*Implementation examples: see samples/al-temporary-table-safety.md*
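
The lifecycle and error-handling practices above, sketched as an added example (not taken from this package or its samples file). The codeunit ID, object name and procedure names are hypothetical; `Customer` and its fields are the standard base-application table. AL has no `finally` keyword, so the example uses a `[TryFunction]` and runs cleanup after it returns on either path.

```al
codeunit 50100 "Temp Customer Buffer Example" // hypothetical ID and name
{
    procedure SumCreditLimits(CountryCode: Code[10]): Decimal
    var
        Customer: Record Customer;
        TempCustomer: Record Customer temporary;
        Total: Decimal;
        Ok: Boolean;
    begin
        // Permission validation before any data is copied into memory.
        if not Customer.ReadPermission() then
            Error('You do not have permission to read customers.');
        Ok := TryFillAndSum(TempCustomer, CountryCode, Total);
        // Cleanup runs on both the success and the failure path.
        ClearBuffer(TempCustomer);
        if not Ok then
            Error(GetLastErrorText());
        exit(Total);
    end;

    [TryFunction]
    local procedure TryFillAndSum(var TempCustomer: Record Customer temporary; CountryCode: Code[10]; var Total: Decimal)
    var
        Customer: Record Customer;
    begin
        Customer.SetRange("Country/Region Code", CountryCode); // data filtering
        if Customer.FindSet() then
            repeat
                // Minimal data: copy only the fields the calculation needs.
                TempCustomer.Init();
                TempCustomer."No." := Customer."No.";
                TempCustomer."Credit Limit (LCY)" := Customer."Credit Limit (LCY)";
                TempCustomer.Insert();
                Total += TempCustomer."Credit Limit (LCY)";
            until Customer.Next() = 0;
    end;

    local procedure ClearBuffer(var TempCustomer: Record Customer temporary)
    begin
        // Guard: DeleteAll on a non-temporary record would delete real rows.
        if not TempCustomer.IsTemporary() then
            Error('ClearBuffer requires a temporary record.');
        TempCustomer.Reset();
        TempCustomer.DeleteAll();
        // Cleanup verification.
        if not TempCustomer.IsEmpty() then
            Error('Temporary customer buffer was not cleared.');
    end;
}
```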