Home Page for the TeradataForum
 

Archives of the TeradataForum

Message Posted: Sat, 03 Oct 2009 @ 21:05:06 GMT


     
  <Prev Next>   <<First <Prev
Next>
Last>>
 


Subj:   Re: Process ID's versus unique User ID's
 
From:   Anomy Anom

<-- Anonymously Posted: Saturday, October 03, 2009 15:15 -->

Since V2R6.2, Teradata has supported IP address restrictions by username. That's one way to ensure that the application username can't be used from someone's desktop - even if they know the password. See the Security Administration manual for details.

And even before that you could have isolated the network connections from the middle tier to the database and set up dedicated gateways on the Teradata side, then restricted logons for certain users to specific LogicalHostIDs. Or you could perhaps build your own authentication method for the shared IDs and not rely on passwords.

But it's difficult to get three-tier applications to log on to the database with the individual end user credentials. In TD12.0, you can often use Query Banding in conjunction with "pre-statement" SQL options to at least track individual usage.

TD13.0 introduces "Trusted Sessions", where the middle tier logs on as a shared "application" user that has permissions to act as a proxy and actually set the effective user credentials via Query Banding. That sounds promising.



     
  <Prev Next>   <<First <Prev
Next>
Last>>
 
 
 
 
 
 
 
 
 
  
  Top Home Privacy Feedback  
 
 
Copyright for the TeradataForum (TDATA-L), Manta BlueSky    
Copyright 2016 - All Rights Reserved    
Last Modified: 15 Jun 2023