Pooling connections to a data source can undermine role-based security. Support for trusted connections and trusted contexts on the IBM Informix server allows flexible reuse of connections, grants controlled permissions to the middle tier, and improves user accountability in three-tier applications without compromising database security, all of which improve system performance.
This article discusses trusted connections and trusted contexts, and shows how to use JDBC, ESQL/C, and ODBC drivers to manage trusted contexts.
In the traditional three-tier application model, the tiers interact with each other only after successful authorization, and checking and auditing are performed by the middle tier. Even if multiple users log on to the middle tier, the middle tier uses only a single user ID to access the database, and that ID is granted permissions on all resources. In this model the database never sees the identity of the actual user, so it cannot use that identity for access control. In addition, if the middle tier's user ID is stolen, it can pose a serious security threat.
To enable a unique set of interactions between the middle-tier server and the database server, Informix introduces the concept of a trusted database connection. A trusted context is a database security object created on the database server. It defines the attributes of a trusted database connection. A trusted connection is established when the connection attributes match the attributes of a unique trusted context defined on the Informix server. After a trusted connection is established from the middle-tier server, the same physical connection can be reused without the end user being re-authenticated on the database server.
From the application developer's perspective, the value of trusted connections is that a single database connection can be shared among users while maintaining the ID of each application or user that tries to access the database. Per-user permission control lets you grant or restrict access to sensitive resources, improving system security and user accountability.
Use the Informix Client driver to manage trusted contexts
In this section, you will learn how to create, modify, and discard a trusted context. To create and manage trusted contexts, your application must connect to the Informix server through TCP/IP. The following Informix Client drivers expose APIs to support trusted connections.
- IBM Informix JDBC driver
- IBM Informix ODBC driver
- IBM Informix ESQL/C driver
Establish a trusted connection
Use the JDBC driver
To request a trusted connection in a JDBC application, include the TRUSTED_CONTEXT=TRUE attribute in the database URL, as shown in Listing 1.
Listing 1. Connecting using the JDBC driver
jdbc:informix-sqli://hostname:portnumber/database_name:INFORMIXSERVER=server_name;TRUSTED_CONTEXT=TRUE;
Use ODBC driver
You can establish a trusted connection through ODBC in either of the following two ways. An example connection string is shown in Listing 2.
Use the SQLSetConnectAttr() API:
SQLSetConnectAttr(hdbc1, SQL_ATTR_USE_TRUSTED_CONTEXT, SQL_TRUE, SQL_IS_INTEGER);
Use the connection string parameters:
TRUSTEDCONTEXT=1; or TCTX=1;
Listing 2. ODBC driver sample connection string
"Server=ol_informix_1170;Host=9.124.123.54;Service=ol_informix_1170;Protocol=onsoctcp;Database=stores7;TRUSTEDCONTEXT=1;"
Use ESQL/C driver
In ESQL/C, a trusted connection is created by adding the TRUSTED keyword to the CONNECT statement, along with the user name and password, as shown in Listing 3.
Listing 3. Connecting using ESQL/C drivers
EXEC SQL CONNECT TO 'database_name' USER 'informix' USING :infx_passwd TRUSTED;
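The following Python check is an added example, not code from the original article or from IBM. It audits a set of middle-tier pool definitions and reports which JDBC URLs (Listing 1 format) or ODBC connection strings (Listing 2 format) do not request a trusted connection. The pool names, host and server names are constructed placeholders, and treating keywords case-insensitively and ignoring spaces around "=" is an assumption of this example.

```python
import re

# Keywords taken from the article; matching them case-insensitively and
# ignoring spaces around "=" is an assumption of this example.
JDBC_KEY = "TRUSTED_CONTEXT"
ODBC_KEYS = ("TRUSTEDCONTEXT", "TCTX")
JDBC_RE = re.compile(r"^jdbc:informix-sqli://([^/]+)/([^:;]*):?(.*)$", re.I)


def _props(text):
    """Split 'k=v;k=v;' into a dict with upper-cased keys and stripped values."""
    props = {}
    for part in text.split(";"):
        key, sep, value = part.partition("=")
        if sep and key.strip():
            props[key.strip().upper()] = value.strip()
    return props


def requests_trusted(conn):
    """True if a JDBC URL or ODBC connection string asks for a trusted connection."""
    conn = conn.strip().strip('"')
    match = JDBC_RE.match(conn)
    if match:  # JDBC: properties follow "database_name:"
        return _props(match.group(3)).get(JDBC_KEY, "").upper() == "TRUE"
    props = _props(conn)  # otherwise treat it as an ODBC connection string
    return any(props.get(key) == "1" for key in ODBC_KEYS)


def audit(pools):
    """Return the sorted names of pool definitions that are not trusted."""
    return sorted(n for n, conn in pools.items() if not requests_trusted(conn))


# Constructed sample pool definitions (all names and hosts are placeholders).
SAMPLE_POOLS = {
    "orders-jdbc": "jdbc:informix-sqli://dbhost:9088/stores7:"
                   "INFORMIXSERVER=ol_demo;TRUSTED_CONTEXT=TRUE;",
    "reports-jdbc": "jdbc:informix-sqli://dbhost:9088/stores7:INFORMIXSERVER=ol_demo;",
    "billing-odbc": "Server=ol_demo;Host=dbhost;Service=ol_demo;"
                    "Protocol=onsoctcp;Database=stores7;TCTX=1;",
    "legacy-odbc": "Server=ol_demo;Host=dbhost;Service=ol_demo;"
                   "Protocol=onsoctcp;Database=stores7;",
}

if __name__ == "__main__":
    for name in audit(SAMPLE_POOLS):
        print(f"{name}: connection does not request a trusted context")
```

A pool flagged here still connects under the single shared middle-tier user ID described earlier, so the database cannot attribute activity to the actual end user.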