cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SQL Anywhere, distribute database user (how to replicate users and password to remote db)

obrungot
Explorer

on ‎01-18-2021 7:22 AM

0 Kudos

For a replicated database environment, what is the recommended approach to replicate database user, to ensure that a user created in a consolidated database, gets replicated to remote databases?

Show replies
Show replies
VolkerBarth
Active Participant
‎02-19-2021 5:09 PM

Late to the game: You may also consider this question from the SQL Anywhere Forum.

It basically uses the same (undocumented) approach as discussed here. 🙂

Answer
View Entire Topic
obrungot
Explorer
‎01-19-2021 12:58 PM

Well, that table would then need to contain the password. I would really not do that. Is is possible to set the grant with a hashed string

GRANT CONNECT user1 identified by encrypted 'HASHED STRING'

If so, then I don't see the problem adding it to helper table.

Show replies
Show replies
chris_keating
Product and Topic Expert
Product and Topic Expert
‎01-19-2021 7:09 PM
0 Kudos

Storing credentials plain text is certainly not something you would do in an implementation. One option using existing SQLA features would be to use ENCRYPT and DECRYPT functions on both the user id and password.

obrungot
Explorer
‎01-19-2021 7:29 PM
0 Kudos

Yes, but only encrypt/decrypt don't offer much security by itself. Is it not possible to grant with password string already hashed? Or must the hashing be performed by the database?

chris_keating
Product and Topic Expert
Product and Topic Expert
‎01-20-2021 2:21 PM
0 Kudos

The only issue relates to the syntax you are proposing is undocumented and intended for use by the unload mechanism. As it is undocumented, there is no guarantee that the syntax will no be changed.

The password hash is SHA256. ENCRYPT offers several algorithm and format options.

Ask a Question