DataServer for Microsoft SQL Server
Database authentication during foreign database connect
Users connecting from a DataServer application need to provide their foreign data source credentials to make a connection.
A secure connection to a foreign database can be made in three different ways:
* Wait for the Data Administration tool to prompt you for your data source user ID and password
* Provide the -U and -P parameters during OpenEdge client startup
* Add the user ID and password in the Connection Parameters field of your logical database, where they will be picked up for processing with the foreign data source connection
The user ID and password used to connect to the foreign database from OpenEdge can be encrypted by the user. The following example demonstrates a self-encryption method available to OpenEdge applications that uses an agreed-upon encryption key. The user encrypts the message, and the DataServer detects the encryption by virtue of an encryption key prefix that tells the DataServer to decrypt just prior to connecting to the foreign data source. The ABL syntax to encrypt a connection string is shown in the following example:
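DEFINE INPUT PARAMETER cUserID AS CHARACTER NO-UNDO.
DEFINE INPUT PARAMETER cPasswd AS CHARACTER NO-UNDO.

/* Connect the schema holder first, in single-user mode (-1). */
CONNECT schema-holder -1 NO-ERROR.

/* self service */
/* The "oech1::" prefix marks the -P value as encrypted, so the */
/* DataServer decrypts it just before the foreign connection.   */
CONNECT dsn -ld logical-database -dt MSS
    VALUE( " -U " + cUserID +
           " -P " + "oech1::" +
           AUDIT-POLICY:ENCRYPT-AUDIT-MAC-KEY(cPasswd)) NO-ERROR.

/* client/server */
/* Same encrypted -P value, with the broker host and port added. */
CONNECT dsn -ld logical-database -dt MSS
    VALUE( " -U " + cUserID +
           " -P " + "oech1::" +
           AUDIT-POLICY:ENCRYPT-AUDIT-MAC-KEY(cPasswd))
    -H host -S port NO-ERROR.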
The user ID and password are encrypted internally on behalf of the application so that clear text is never seen from the application, nor is it transmitted over a connection in clear text. This security policy is enabled by default.
Users are still able to store clear text credentials in the dictionary if they choose to do so. However, if they self-encrypt credentials placed in the dictionary, as described in the above example, the credentials will remain encrypted while in schema holder storage and will be automatically decrypted by the DataServer when authentication is needed for the foreign data source connection.
Note: The use of encryption requires that both the OpenEdge client and server are of the same OpenEdge version. A new OpenEdge 11.4 client will fail to connect to an old pre-11.4 server. Backward compatibility is lost if the new client utilizes encryption during connection to an old server.
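Because clear text credentials can still be stored in the Connection Parameters field, a review of stored parameters is a useful check. The following is an added example, not Progress code: it assumes the connection parameter strings have been exported to text, one per line, and the function name, statuses and sample values are hypothetical. It only tests for the "oech1::" prefix shown above and does not verify that a value decrypts.

```python
import shlex

ENC_PREFIX = "oech1::"  # encryption key prefix from the page's CONNECT example

# Constructed sample parameter lines, not taken from a real system.
# The value after "oech1::" is a made-up placeholder, not real ciphertext.
SAMPLE = """\
# constructed sample connection parameters
-db mssdemo -dt MSS -ld mssdemo -U appuser -P oech1::3a5f0c1e2b
-db mssdemo -dt MSS -ld mssdemo -U appuser -P Summer2024
-db holder -1 -p start.p
-db mssdemo -dt MSS -U appuser -P
"""


def classify_password_params(text):
    """Return (line_no, status, redacted_value) for every -P parameter.

    status is "encrypted", "cleartext" or "missing". The password itself
    is never returned, so findings can be logged or ticketed safely.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # skip blank lines and comment lines
        try:
            tokens = shlex.split(stripped)  # honours quoted values
        except ValueError:
            tokens = stripped.split()       # unbalanced quote: plain split
        for i, tok in enumerate(tokens):
            if tok != "-P":  # case-sensitive: lowercase -p is the startup procedure
                continue
            value = tokens[i + 1] if i + 1 < len(tokens) else ""
            if not value:
                findings.append((line_no, "missing", ""))
            elif value.startswith(ENC_PREFIX):
                findings.append((line_no, "encrypted", ENC_PREFIX + "<redacted>"))
            else:
                findings.append((line_no, "cleartext", "<redacted>"))
    return findings


if __name__ == "__main__":
    for line_no, status, shown in classify_password_params(SAMPLE):
        print(f"line {line_no}: -P is {status} {shown}".rstrip())
```

Lines reported as "cleartext" are the ones to re-enter in self-encrypted form.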