Enhancing the authentication mechanism in MaxDB

Former Member · ‎02-09-2005

Enhancing the authentication mechanism in MaxDB

MaxDB SQLCLI is a tool used for performing functions like data manipulation, data definition etc. Like any other client, to get connected to the database using SQLCLI, user name and password is a must. The main problem with the SQLCLI is the lack of security in the console. When connecting to the database the given password is never masked in SQLCLI. Hence this needs to be modified so as to keep the password concealed. This weblog explains the way to overcome the same.

MySQL Console

Let us see a simple example of a better authentication process in existing MySQL console,

In the above screen shot, it is pretty clear that the MySQL console completely hides the entered password. Thus the confidentiality is ensured at all points.

MaxDB SQLCLI Console

But when considering the MaxDB SQLCLI the authentication is much different. The entered password is revealed as such and hence there is security for the same.

the user name dba and the password maxdb are open and hence the users are always at risk.

Enhancing the authentication mechanism

Here is an alternate way to login into the MaxDB without revealing the password. This is a simple program in java that uses a thread to hide the entered password with the special characters. Further, the program also explains how to run SQL query in MaxDB using java. The program is developed from the password masking concepts discussed at http://java.sun.com/developer/technicalArticles/Security/pwordmask/. The program that makes this possible is given below,

import java.io.*; import java.sql.*;public class LoginMaxDB extends Thread {  boolean stopThread= false;  boolean hideInput= false;  boolean shortMomentGone= false;  // The Thread section that will run and conceal the password  public void run()  {   try   {     sleep(500);   }   catch (InterruptedException e)   {  }  shortMomentGone= true;   while (!stopThread)   {    if (hideInput)    {      System.out.print("\b*");    }    try    {     sleep(1);    }    catch (InterruptedException e)    {   }   }   }   public static void main(String[] arguments)   {  // Declarations for the variables used String username= "";  String password= "";  LoginMaxDB Hide= new LoginMaxDB();  Hide.start();  BufferedReader in= new BufferedReader(new InputStreamReader(System.in));  try  {   System.out.print("username: ");   // Wait for the userusername and clear the keyboard buffer (if neccessarry)   do   {    username= in.readLine();   }   while (Hide.shortMomentGone == false);   // Now the hide thread should begin to overwrite any input with "*"   Hide.hideInput= true;   // Read the password   System.out.println("Password:");   password = in.readLine();   Hide.stopThread= true;  }  catch (Exception e)  { }  try  {  // This is where we load the driver  Class.forName("com.sap.dbtech.jdbc.DriverSapDB");  System.out.println("The Driver has been loaded"); }  catch (ClassNotFoundException e)  {  System.out.println("Unable to load Driver Class");  return; } try  {     // All database access is within a try/catch block. Connect to database,  // specifying particular database, username, and password  // required connection parameters  String  Server = "localhost",Database="KATHIR";   String Query = "";  // get connection     Connection con = DriverManager.getConnection ("jdbc:sapdb://" + Server + "/" +  Database, username, password);    // Create and execute an SQL Statement     Statement stmt = con.createStatement(  );  ResultSet rs = null;  rs =  stmt.executeQuery("SELECT * FROM employee");     // Display the SQL Results     while(rs.next(  ))   {  System.out.println(rs.getString(2));  }     }      catch (SQLException se)  {       // Inform user of any SQL errors       System.out.println(se);      }  } }

The above program when executed provides the below given result.

A small cross check with the Websql Studio, for the executed query.

Hope the above program is much useful to enhance the authentication mechanism in MaxDB.

Enhancing the authentication mechanism in MaxDB

Enhancing the authentication mechanism in MaxDB

Are you there, SAP? It's me, Jelena

Integration Point of MM-FI-SD in SAP ERP

SAP Project System - A ready Reference ( Part 1 )