Is there anyway to authenticate users from inside DB2 instead of relying on the OS. We are installing a custom software on client machines with a DB and we want restrict access to ONLY our application such that no windows administrator or Linux root even has access.
Authentication is the process of making sure the person is who they say they are. Nothing more. Authorization is the process of determining what that person can do. You , as the DBA, are in control of the authorization. You simply do not give the users the capability of setting up the authorization configuration.
Andy I get your point but i think my situation is different. I am installing DB2 on someone else's machine and I want to deny all access except to my application.
Even if I create a new user while installing and keep the password to myself and authorize it, the windows administrator will always have the option of changing the password for that user and eventually accessing the db
Andy, Thanks for the link, most appreciated. Looks like I have to dig into C after a long time Just one more question ... if someone copies the DB2 data files from one location to another location / server, could those files be used to recreate / res-instantiate the database? To be clear I'm not talking about any backup files ... just plain data files
In theory, yes they could, but it would take someone with a lot of know-how. They could even restore a backup image even easier. To handle this, you would need an encryption solution. There are several types of those.