Release 10.1A: OpenEdge Data Management:
Database Administration

Validating an OpenEdge user ID and password

If you establish a list of valid user IDs, the OpenEdge RDBMS prompts the user for a user ID and password at connection time. Typically, the application does this by running the login procedure. The standard startup procedure, PROSTART, automatically runs a login procedure for each connected database. If the application uses another startup procedure, the developer should run a login procedure from that procedure.

The login procedure uses the SETUSERID function to check the user ID and password entered by the user. The user has three attempts to enter the correct user ID and password for each database. If the user fails to do so after three attempts, SETUSERID exits the user from the database. If the user ID and password combination is valid for the database, then SETUSERID establishes that user ID for the connection.

If the application does not run the login procedure at connection time, or if the user bypasses the login procedure (by pressing END-ERROR when prompted for the user ID and password), then the user is assigned the blank user ID. While you cannot prevent users from connecting to the database with the blank user ID, you can prevent them from accessing data by establishing compile-time and run-time security.

For more information about compile- and run-time security, see OpenEdge Development: Progress 4GL Handbook .