When a client connection supports extended plus encrypted password (EPEP), Open Server handles the login negotiation, including decrypting the password. The negotiation takes place before the SRV_CONNECT handler is called. In the SRV_CONNECT event handler, applications can simply retrieve the password with the existing SRV_T_PWD property and inspect the password encryption protocol that was used with a new property.
To try out Open Server password encryption, you can connect to the 'lang' sample using isql with the -X option, which turns on password encryption in isql.
Open Client has supported strong login password encryption since the 15.0 release. Open Server supports strong login password encryption starting with ESD#6.
The SRV_T_PWD property is used with srv_thread_props() to retrieve the password. If the client supports the EPEP protocol, SRV_T_PWD automatically returns the decrypted password.
The new public enumerated type SRV_PWD_ENCRYPT_VERSION in Open Server has these values:
SRV_NOENCRYPT_PWD (0)
SRV_ENCRYPT_PWD (1) (Not implemented in Open Server)
SRV_EXTENDED_ENCRYPT_PWD (2) (Not implemented in Open Server)
SRV_EXTENDED_PLUS_ENCRYPT_PWD (3)
Use this new read-only property with the srv_thread_props() function to retrieve the version of the password encryption protocol that was used to retrieve the password. The type and possible values of this property are described in “SRV_PWD_ENCRYPT_VERSION”.
You cannot use this property to avoid clear-text transmission of passwords. When Open Server reads the client-supported password encryption versions, the password may already have been transmitted in clear text. However, you can use this property to verify that all client applications use the required password encryption algorithm.
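The verification described above, sketched as an "EPEP only" login policy. This is an added example, not Open Server code: the enum is a local copy of the values listed on this page, and login_decision, login_record, check_pwd_encryption and audit_logins are hypothetical names. In a real SRV_CONNECT handler the version value would come from srv_thread_props().

```c
#include <stddef.h>
#include <stdio.h>

/* Local copy of the SRV_PWD_ENCRYPT_VERSION values listed above, so the
 * example compiles without the Open Server headers. */
enum { NOENCRYPT_PWD = 0, ENCRYPT_PWD = 1, EXTENDED_ENCRYPT_PWD = 2,
       EXTENDED_PLUS_ENCRYPT_PWD = 3 };

/* Hypothetical policy outcomes and login record (not Open Server types). */
typedef enum { LOGIN_ACCEPT, LOGIN_REJECT_CLEARTEXT,
               LOGIN_REJECT_UNEXPECTED } login_decision;
typedef struct { const char *user; int pwd_version; } login_record;

/* Decide whether one login meets the policy; version is the value the
 * handler read for this connection. */
login_decision check_pwd_encryption(int version)
{
    switch (version) {
    case EXTENDED_PLUS_ENCRYPT_PWD:
        return LOGIN_ACCEPT;
    case NOENCRYPT_PWD:
        /* Rejecting does not protect the password: it may already have
         * been sent in clear text, so the caller should flag a reset. */
        return LOGIN_REJECT_CLEARTEXT;
    default:
        /* 1 and 2 are not implemented in Open Server and anything else
         * is unknown: fail closed. */
        return LOGIN_REJECT_UNEXPECTED;
    }
}

/* Audit a batch of logins. Returns how many were rejected and stores in
 * *needs_reset how many passwords should be treated as possibly exposed. */
size_t audit_logins(const login_record *recs, size_t n, size_t *needs_reset)
{
    size_t rejected = 0;
    *needs_reset = 0;
    for (size_t i = 0; i < n; i++) {
        login_decision d = check_pwd_encryption(recs[i].pwd_version);
        if (d == LOGIN_ACCEPT)
            continue;
        rejected++;
        if (d == LOGIN_REJECT_CLEARTEXT)
            (*needs_reset)++;
    }
    return rejected;
}

/* Constructed sample logins, not taken from any real server. */
static const login_record SAMPLE[] = {
    {"alice", 3}, {"batch_job", 0}, {"bob", 3}, {"legacy_app", 2}, {"svc", 7} };
```

The separate needs_reset count reflects the note above: a rejected clear-text login is still a password that may have been exposed on the network.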
Use the SRV_S_DISABLE_ENCRYPT property to disable support for the native password negotiation. If this property is set, Open Server does not start the password negotiation protocols. The default value of SRV_S_DISABLE_ENCRYPT is CS_FALSE.