Concept

Every configuration can be protected against unauthorized access from the user tasks of other configurations by means of a configuration-based password. When a connection is set up, the password assigned to the local configuration serves as a lockcode, and those assigned to the remote configurations are used as keycodes (originally called locks and keys; see also the openUTM “Access control via openUTM”).

Whenever a request to set up a connection is initiated in a user task, the appropriate keycode password is supplied by UDS-D with the request. When the request arrives in the remote configuration, this keycode is compared in the UDS-D task with the corresponding lockcode. If the lockcode and keycode do not match, the request to establish the connection is rejected by the UDS-D task. The database request of the application program that initiated the connection setup is aborted, and any transaction that was already opened is rolled back.

Assigning passwords

Configuration-based passwords can be assigned in the input file for the distribution tables and by using the DAL command &PWD DISTRIBUTION (see section “The distribution table” and “Assigning and changing a password (&PWD DISTRIBUTION)”).

Example

Two UDS/SQL applications are running concurrently, one using a test configuration, and the other with a production configuration. In order to facilitate the incorporation of the test application for production use at a later stage, there are not differences between the two configurations with respect to the privacy information and the subschema and database names.

This approach can be supported by protecting the production configuration from the test configuration by means of a configuration-bases password. If the configuration and processor name of the production application is inadvertently entered in the distribution table of the test application, the password will prevent the test application from accessing the production database(s) in any case.