DataServer for Oracle
Database Authentication During Foreign Database Connect
The Oracle DataServer does not require its own authentication. Users connecting through Oracle client libraries from a DataServer application need to provide only their foreign data source credentials to make a connection.
A secure connection to a foreign database can be made in three different ways:
* Wait for the Data Administration tool to prompt you for your data source user ID and password
* Provide the -U and -P parameters during OpenEdge client startup
* Add the user ID and password in the Connection Parameters field of your logical database, where they will be picked up for processing with the foreign data source connection
The user ID and password used to connect to the foreign database from OpenEdge can be encrypted by the user. The following example demonstrates a self-encryption method available to OpenEdge applications that uses an agreed-upon encryption key. The user encrypts the message, and the DataServer detects the encryption by virtue of an encryption key prefix that informs the DataServer to decrypt just prior to connection with the foreign data source. The ABL syntax to encrypt a connection string is shown in the following example:
DEFINE INPUT PARAMETER cUserID AS CHARACTER NO-UNDO.
DEFINE INPUT PARAMETER cPasswd AS CHARACTER NO-UNDO.

CONNECT <schema-holder> -1 NO-ERROR.

/* self service */
CONNECT <dsn> -ld <logical-database> -dt ORA
    VALUE( " -U " + cUserID +
           " -P " + "oech1::" +
           AUDIT-POLICY:ENCRYPT-AUDIT-MAC-KEY(cPasswd)) NO-ERROR.

/* client/server */
CONNECT <dsn> -ld <logical-database> -dt ORA
    VALUE( " -U " + cUserID +
           " -P " + "oech1::" +
           AUDIT-POLICY:ENCRYPT-AUDIT-MAC-KEY(cPasswd))
    -H <host> -S <port> NO-ERROR.
The user ID and password are encrypted internally on behalf of the application so that clear text is never seen from the application, nor is it transmitted over a connection in clear text. This security policy is enabled by default.
Users are still able to store clear text credentials in the dictionary if they choose to do so. However, if they self-encrypt credentials placed in the dictionary, as described in the above example, the credentials will remain encrypted while in schema holder storage and will be automatically decrypted by the DataServer when authentication is needed for the foreign data source connection.
Note: The use of encryption requires that both the OpenEdge client and server are of the same OpenEdge version. A new OpenEdge 11.4 client will fail to connect to an old pre-11.4 server. Backward compatibility is lost if the new client utilizes encryption during connection to an old server.
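Because clear text credentials can still be stored, stored connection parameters are worth auditing for -P values that lack the oech1:: prefix. The following Python check is an added example, not part of the OpenEdge documentation or product code. The one-connection-per-line layout, the '#' comment convention, and every sample value (including the payload after the prefix) are assumptions constructed for illustration.

```python
import shlex

ENC_PREFIX = "oech1::"  # encryption key prefix from the CONNECT example above


def classify_password(value):
    """Classify a -P value without ever returning the value itself."""
    if not value.startswith(ENC_PREFIX):
        return "cleartext"
    return "encrypted" if len(value) > len(ENC_PREFIX) else "empty-payload"


def audit_connection_params(text):
    """Return [(line_no, user, status)] for each -P in connection-parameter text."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' lines are comments
            continue
        try:
            tokens = shlex.split(line)
        except ValueError:  # unbalanced quote: fall back to a plain split
            tokens = line.split()
        # Case-sensitive on purpose: lowercase -p is a different parameter.
        pairs = list(zip(tokens, tokens[1:]))
        user = next((v for k, v in pairs if k == "-U"), None)
        for key, value in pairs:
            if key == "-P":
                findings.append((line_no, user, classify_password(value)))
    return findings


# Constructed sample input (hypothetical names and values, not from the page).
SAMPLE = """\
# nightly batch connection
-db orders -ld ordlog -dt ORA -U batch_user -P oech1::3a5c0f9e2b
-db hr -ld hrlog -dt ORA -U hr_user -P Summer2024
-db crm -ld crmlog -dt ORA -P oech1:: -U crm_user
-p start.p -db sh -1
"""

if __name__ == "__main__":
    for line_no, user, status in audit_connection_params(SAMPLE):
        flag = "OK  " if status == "encrypted" else "FAIL"
        print(f"{flag} line {line_no}: user={user} password={status}")
```

The check reports only the status of each -P value, never the value, so its output can be logged without exposing a credential.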