cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Restricting Login by IP/User

Former Member

on ‎05-16-2016 3:44 PM

0 Kudos

Currently in our ASE environment via a login trigger, we at login do a lookup on an authorization table that contains users and tcpip addresses that are allow to connection to the ASE server.  We need to duplicate this functionality in IQ, and seems like I will need to write a new event_parameter, along with a create_event statement to build this functionality in IQ. 

Has anyone else had to implement connectivity restrictions via Username and IP before?  Any thoughts on this approach?

Jim

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎08-22-2016 2:51 PM
0 Kudos

Gentlemen,

thank you for your responses, I will investigate both of these solutions.  I really do appreciate your insight.

Jim

Show replies
Show replies
hans-juergen_schwindke
Active Participant
‎05-18-2016 11:40 AM
0 Kudos

Hi,

I've an event that might help you.

Please be very careful not to log out yourself. Maybe you can create an additional check right at the beginning so that 'DBA' login does not go though the checks.

create event restrict_logins type [connect]

handler

begin

  declare uname varchar(50);

  declare conn_ID int;

  set uname = event_parameter('User');

  set conn_ID = event_parameter('ConnectionID');

  if uname in ('test1', 'test2') then

    execute immediate (' drop connection ' ||  conn_ID) ;

    message 'Connection with the wrong user' to log;

  end if;

  if exists (select 1 from sa_conn_properties(conn_ID) where PropName = 'AppInfo' and Value not like 'IP=1.2.3.4%') then

    -- execute immediate (' drop connection ' ||  conn_ID) ;

    message 'Connecting from wrong IP' to log;

  end if;

end;

Best regards,

Juergen

Show replies
Show replies
SybDBA
Participant
‎08-23-2016 8:18 PM
0 Kudos

Superb !!

Thanks a ton for this , it might help me as well

With warm regards

--

Pankaj

former_member194571
Active Participant
‎05-18-2016 10:39 AM
0 Kudos

Hi Jim,

I suggest you use the login_procedure database option for this purpose. I found it very briefly explained in the IQ manuals but more verbose in those for SQL Anywhere [DocCommentXchange].

HTH

Volker

Show replies
Show replies
Ask a Question