Enhancing the authentication mechanism in MaxDB
MaxDB SQLCLI is a tool used for performing functions like data manipulation, data definition etc. Like any other client, to get connected to the database using SQLCLI, user name and password is a must. The main problem with the SQLCLI is the lack of security in the console. When connecting to the database the given password is never masked in SQLCLI. Hence this needs to be modified so as to keep the password concealed. This weblog explains the way to overcome the same.
Let us see a simple example of a better authentication process in existing MySQL console,
In the above screen shot, it is pretty clear that the MySQL console completely hides the entered password. Thus the confidentiality is ensured at all points.
MaxDB SQLCLI Console
But when considering the MaxDB SQLCLI the authentication is much different. The entered password is revealed as such and hence there is security for the same.
the user name dba and the password maxdb are open and hence the users are always at risk.
Enhancing the authentication mechanism
Here is an alternate way to login into the MaxDB without revealing the password. This is a simple program in java that uses a thread to hide the entered password with the special characters. Further, the program also explains how to run SQL query in MaxDB using java. The program is developed from the password masking concepts discussed at http://java.sun.com/developer/technicalArticles/Security/pwordmask/. The program that makes this possible is given below,
The above program when executed provides the below given result.
A small cross check with the Websql Studio, for the executed query.
Hope the above program is much useful to enhance the authentication mechanism in MaxDB.