UltraLite users

A typical UltraLite database contains one user ID and password. UltraLite databases are created with a default user ID of DBA and default password of sql unless otherwise specified. UltraLite Java edition databases are created with a default password of DBA.

Changing the user schema is optional and not required. Many applications do not need database-level authentication and assume that a device level password is sufficient authentication to access an application and its data.

Common reasons for not authenticating users may be because the deployment is to a single-user device, or that it is too awkward to prompt a user each time they start the application.

You do not need to include a user ID or password in the database connection string if you do not need database-level authentication. The simplest UltraLite connection string is DBF=filename. The remainder of this section explains how UltraLite implements user IDs and describes how to use them for cases where you need explicit user authentication.

When developing an UltraLite application with a custom user authentication interface, you can effectively use the UltraLite user IDs and password hashes stored in an UltraLite database to validate user-supplied credentials and avoid creating your own password hashing algorithm. By adding users to your UltraLite database, you store their user IDs and password hashes. You can then validate the user-supplied credentials in your application by attempting to connect to the database with the UID and PWD connection parameters, where UID=username and PWD=password. A successful UltraLite database connection indicates that the user is authentic.

Caution

Unlike SQL Anywhere users, UltraLite users are created and managed solely for authentication and not for object ownership or specific database permissions. Once users are authenticated, they gain full access to the database.

By creating user IDs and passwords, you control connections to the UltraLite database but do not secure the data in the database file. The contents are stored as plain text and can be read directly.

To secure the database contents, it is recommended that you encrypt the file. When you encrypt the file, you can authenticate users with an encryption key rather than a user ID and password.

You can obfuscate the file to alter the storage so that data is not stored as plain text, but this approach does not secure the data.

For more information, see UltraLite database security and UltraLite DBKEY connection parameter.

Note

UltraLite user IDs are different from MobiLink user names.

Limitations

User IDs and passwords are not stored in UltraLite Java edition databases. Those databases are protected with a single password and do not require user creation or authentication. For more information, see Creating or connecting to an UltraLite or UltraLite Java edition database.

The following limitations apply to UltraLite user IDs:

UltraLite supports up to four unique user IDs per UltraLite database.
User IDs and passwords can be changed using Sybase Central, SQL statements, or UltraLite API methods in your application.
User IDs have a 31-character limit.
User IDs cannot include leading single quotes('), leading double quotes ("), or semicolons(;).
User IDs are always case insensitive and passwords are always case sensitive.
User IDs cannot be renamed. You can only add new user IDs and delete existing ones from an existing database connection.
Users can not be listed programmatically using the UltraLite APIs. You can only use database tools to list existing users in the database.
When connecting to an UltraLite database for the first time, the UID and PWD are the same values that were set when the database was created. UltraLite attempts to connect with the DBA user ID and sql password when these connection parameters are not specified. You do not need to supply a username or password when connecting to the database if you did not explicitly set a username and password during its creation.

UltraLite users

Caution

Note

Limitations

See also