Try OpenEdge Now
skip to main content
Programming Interfaces
Data Management : Application Security : Elements for authenticating ABL user identity : Specifying user IDs and passwords in ABL
 
Specifying user IDs and passwords in ABL
The requirements for user IDs and passwords vary according to the user account system that defines them. For more information on forming user IDs and passwords, see OpenEdge Getting Started: Identity Management. For information on defining user IDs and passwords for the database user list, see the sections on maintaining security in OpenEdge Data Management: Database Administration.
Note that when you add a password for users defined in the database user list, the password is encoded with the ABL ENCODE function. All OpenEdge internal passwords are case sensitive. So, ENCODE generates different values for uppercase and lowercase input.
You might also use this function to store passwords for any user-defined authentication system that you implement. When using ENCODE with passwords, Progress Software Corporation strongly recommends that:
*Invocations of the ENCODE function for the same user run in the same code page.
*In environments with multiple code pages, programs use the CODEPAGE–CONVERT function so that invocations of the ENCODE function for the same user run in the same code page.
The ENCODE function performs a one-way encoding operation that you cannot reverse. It is useful for creating scrambled copies of clear-text password strings that can be stored in a database. However, it is not possible to decode the string returned from the ENCODE function. You cannot use the ENCODE function to generate an encrypted password that can be used in an ABL security token or with an OpenEdge startup parameter.
Note: The ENCODE function is not a strong encoding operation and should be combined with a salt value for greater security. See Using cryptography to secure data for more information about creating and using salt values.
Beyond the requirements of individual user account systems, the maximum character length of user IDs is limited to the maximum length of the ABL CHARACTER data type. For more information, see the data types section in OpenEdge Development: ABL Reference.