Chapter 8: Managing Server Security with DirectConnect Manager


Description of ECDA security

ECDA security uses a user ID/password combination, coupled with a user level, to determine access.

The user level determines how much administration functionality is available to the user. This function is implemented in DirectConnect Manager, as well as at the Administrative Service Library level. Access is granted at one of two levels: “monitor” and “monitor plus change.” These two levels are also referred to as “user” and “admin,” respectively.

Note: Servers that do not support security allow full access to all connections.

Security for ECDA is implemented using an encrypted password that is stored in the user.pwd file of the Administrative Service Library.

The first time the user connects to the Administrative Service Library, the security program detects that the user.pwd file does not exist. As a result, the Administrative Service Library creates a user.pwd with the following two entries:

Table 8-1: User.pwd file

User ID    Password
sa
Admin      Password

The entries in the preceding table allow you to access the system using the original “sa” user ID without a password. However, if you use DirectConnect Manager to modify the “sa” user ID, a password is required. When you use DirectConnect Manager to add new users, the new entries are appended to the list shown in the table and are stored in the user.pwd file in the cfg directory for the DirectConnect server.

Note: Keep in mind that while the ability of ECDA to automatically create user.pwd files is convenient for backward compatibility, you need to limit access to this file using standard file security techniques.
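One way to check the file restrictions the note calls for, as an added example that is not part of the ECDA documentation or product. It assumes a POSIX host and that the caller supplies the path to the server's cfg directory; the function name is hypothetical, and the directory-write check is this example's own reasoning from the statement above that a missing user.pwd is created with default entries.

```python
import os
import stat
import tempfile

def audit_user_pwd(cfg_dir):
    """Return a list of findings for user.pwd in an ECDA cfg directory (POSIX modes)."""
    findings = []
    path = os.path.join(cfg_dir, "user.pwd")
    # Anyone who can write to cfg can delete or replace user.pwd.
    dir_mode = stat.S_IMODE(os.stat(cfg_dir).st_mode)
    if dir_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("cfg directory is group/world writable: %o" % dir_mode)
    try:
        st = os.lstat(path)  # lstat so a symlink is reported, not followed
    except FileNotFoundError:
        findings.append("user.pwd missing: defaults will be created on first connect")
        return findings
    if not stat.S_ISREG(st.st_mode):
        findings.append("user.pwd is not a regular file")
        return findings
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("user.pwd accessible beyond owner: %o" % mode)
    if st.st_uid != os.stat(cfg_dir).st_uid:
        findings.append("user.pwd owner differs from cfg directory owner")
    return findings

def demo():
    """Constructed sample: a temp cfg directory with a loosely permissioned user.pwd."""
    with tempfile.TemporaryDirectory() as cfg:
        os.chmod(cfg, 0o700)
        before_create = audit_user_pwd(cfg)
        path = os.path.join(cfg, "user.pwd")
        with open(path, "w") as f:
            f.write("constructed placeholder, not the real file format\n")
        os.chmod(path, 0o644)
        loose = audit_user_pwd(cfg)
        os.chmod(path, 0o600)
        tight = audit_user_pwd(cfg)
    return before_create, loose, tight

if __name__ == "__main__":
    for label, result in zip(("missing", "0644", "0600"), demo()):
        print(label, result or "ok")
```

An empty list means the file is readable and writable only by its owner and the cfg directory cannot be modified by other accounts.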