HP 3000 Manuals

Security [ HP ALLBASE/SQL PC API User's Guide ] MPE/iX 5.0 Documentation

HP ALLBASE/SQL PC API User's Guide

Security 

Before a client application can access data within an ALLBASE/SQL
database, it must first connect to the DBEnvironment where the database
resides.  Connection requires validation of the logon string, as well as
authorization of the DBEUserID.

Controlling Access to the Database Server 

Database server logon information is stored in the SQL.INI file, which is
installed with PC API. Under the [ALLBASE] section, valid users and
available DBEnvironments are listed.  It may be convenient to store the
user specification parameters UserPass, AcctPass and GroupPass in the
SQL.INI file; however, when passwords are stored there, they are not
secure.  They may be viewed by anyone displaying the SQL.INI file.  It is
recommended that passwords, although part of the logon string, not be
stored in the SQL.INI file.

To secure passwords, you can use a ?  as a placeholder for UserPass,
AcctPass and GroupPass.  The ?  placeholder is passed as part of the
connection string.  The ?  placeholder causes a dialog box to appear on
the user's screen when the logon string is prepared for transmission to
the database server.  The user then enters the password into the dialog
box.

The following example shows how to define an mpeuser using the ?
placeholder:

     mpeuser=user1,pcuser1,who.myacct/?

Controlling Connect Access to the DBEnvironment 

After the user logon string has been validated by the server, the user
must still be authorized to connect to a particular DBEnvironment.
ALLBASE/SQL validates the DBEnvironment name and user access.  Connect
authorities are granted by the DBA of the target DBEnvironment through
the GRANT statement.  For more information about the GRANT statement,
refer to the ALLBASE/SQL Database Administration Guide.

Controlling Access Within the DBEnvironment 

Once connected to the DBEnvironment, the user must still have the proper
authorities to access any of the tables, views, columns, groups, and
modules within the DBEnvironment.  The DBA grants these authorities.  For
more information about granting authorities, refer to the ALLBASE/SQL 
Database Administration Guide.



NOTE  SQLWindows users cannot use the SQLTalk Security Menu to update
      database authorities or privileges.

MPE/iX 5.0 Documentation