on 05-16-2016 3:44 PM
Currently in our ASE environment via a login trigger, we at login do a lookup on an authorization table that contains users and tcpip addresses that are allow to connection to the ASE server. We need to duplicate this functionality in IQ, and seems like I will need to write a new event_parameter, along with a create_event statement to build this functionality in IQ.
Has anyone else had to implement connectivity restrictions via Username and IP before? Any thoughts on this approach?
Jim
Gentlemen,
thank you for your responses, I will investigate both of these solutions. I really do appreciate your insight.
Jim
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
I've an event that might help you.
Please be very careful not to log out yourself. Maybe you can create an additional check right at the beginning so that 'DBA' login does not go though the checks.
create event restrict_logins type [connect]
handler
begin
declare uname varchar(50);
declare conn_ID int;
set uname = event_parameter('User');
set conn_ID = event_parameter('ConnectionID');
if uname in ('test1', 'test2') then
execute immediate (' drop connection ' || conn_ID) ;
message 'Connection with the wrong user' to log;
end if;
if exists (select 1 from sa_conn_properties(conn_ID) where PropName = 'AppInfo' and Value not like 'IP=1.2.3.4%') then
-- execute immediate (' drop connection ' || conn_ID) ;
message 'Connecting from wrong IP' to log;
end if;
end;
Best regards,
Juergen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jim,
I suggest you use the login_procedure database option for this purpose. I found it very briefly explained in the IQ manuals but more verbose in those for SQL Anywhere [DocCommentXchange].
HTH
Volker
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.