Skip to Content
author's profile photo Former Member
Former Member

Restricting Login by IP/User

Currently in our ASE environment via a login trigger, we at login do a lookup on an authorization table that contains users and tcpip addresses that are allow to connection to the ASE server. We need to duplicate this functionality in IQ, and seems like I will need to write a new event_parameter, along with a create_event statement to build this functionality in IQ.

Has anyone else had to implement connectivity restrictions via Username and IP before? Any thoughts on this approach?

Jim

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • Posted on May 18, 2016 at 10:40 AM

    Hi,

    I've an event that might help you.

    Please be very careful not to log out yourself. Maybe you can create an additional check right at the beginning so that 'DBA' login does not go though the checks.

    create event restrict_logins type [connect]

    handler

    begin

    declare uname varchar(50);

    declare conn_ID int;

    set uname = event_parameter('User');

    set conn_ID = event_parameter('ConnectionID');

    if uname in ('test1', 'test2') then

    execute immediate (' drop connection ' || conn_ID) ;

    message 'Connection with the wrong user' to log;

    end if;

    if exists (select 1 from sa_conn_properties(conn_ID) where PropName = 'AppInfo' and Value not like 'IP=1.2.3.4%') then

    -- execute immediate (' drop connection ' || conn_ID) ;

    message 'Connecting from wrong IP' to log;

    end if;

    end;

    Best regards,

    Juergen

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on May 18, 2016 at 09:39 AM

    Hi Jim,

    I suggest you use the login_procedure database option for this purpose. I found it very briefly explained in the IQ manuals but more verbose in those for SQL Anywhere [DocCommentXchange].

    HTH

    Volker

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Aug 22, 2016 at 01:51 PM

    Gentlemen,

    thank you for your responses, I will investigate both of these solutions. I really do appreciate your insight.

    Jim

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.