Results 1 to 9 of 9
  1. #1
    Join Date
    Nov 2008
    Posts
    7

    Unanswered: Authentication from inside DB2

    Is there anyway to authenticate users from inside DB2 instead of relying on the OS. We are installing a custom software on client machines with a DB and we want restrict access to ONLY our application such that no windows administrator or Linux root even has access.

  2. #2
    Join Date
    Jan 2003
    Posts
    4,292
    Provided Answers: 5
    Let the OS do the authentication, but you can control the authorization through GRANT and REVOKE.


    Andy

  3. #3
    Join Date
    Nov 2008
    Posts
    7
    Authorization can be overridden by users if authentication is OS based so it doesn't solve my issue. Any other suggestions?

  4. #4
    Join Date
    Jan 2003
    Posts
    4,292
    Provided Answers: 5
    Authentication is the process of making sure the person is who they say they are. Nothing more. Authorization is the process of determining what that person can do. You , as the DBA, are in control of the authorization. You simply do not give the users the capability of setting up the authorization configuration.

    Andy

  5. #5
    Join Date
    Nov 2008
    Posts
    7
    Andy I get your point but i think my situation is different. I am installing DB2 on someone else's machine and I want to deny all access except to my application.

    Even if I create a new user while installing and keep the password to myself and authorize it, the windows administrator will always have the option of changing the password for that user and eventually accessing the db

  6. #6
    Join Date
    Jan 2003
    Posts
    4,292
    Provided Answers: 5
    You would have to write your own security plugin. See here for more info: DB2 UDB security, Part 2: Understand the DB2 Universal Database security plug-ins

    Andy

  7. #7
    Join Date
    Nov 2008
    Posts
    7
    Andy, Thanks for the link, most appreciated. Looks like I have to dig into C after a long time Just one more question ... if someone copies the DB2 data files from one location to another location / server, could those files be used to recreate / res-instantiate the database? To be clear I'm not talking about any backup files ... just plain data files

    Thanks
    Farooq

  8. #8
    Join Date
    Jan 2003
    Posts
    4,292
    Provided Answers: 5
    In theory, yes they could, but it would take someone with a lot of know-how. They could even restore a backup image even easier. To handle this, you would need an encryption solution. There are several types of those.

    Andy

  9. #9
    Join Date
    Nov 2008
    Posts
    7
    Thanks Again Andy!!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •