

Security Using the dbconnct User Exit

By default, CA Gen acquires DBMS connection information for block mode applications by having the AEF locate the trancode in the AEENV file. Connection information includes the username, password, and database name. Each person who executes the application must have read access to the AEENV file that contains the connection information.

To enhance security, the following user exits handle the specific DBMS connection logic:

| DBMS | User Exit |
|---|---|
| Oracle | $IEFH/src/tiroconn.pc |
| DB2 | $IEFH/src/tirdconn.sqc |

By default, these modules read the database connect information from the AEENV file and use the information in the database connect statement. To modify the default for obtaining database connect information, follow these steps:

  1. Copy the module you want to modify and edit the appropriate user exit.
  2. Add logic to populate the variables required for the database connections.

| Database | Description | Host Variable | Declared Type |
|---|---|---|---|
| Oracle | user ID | uid | VARCHAR(32) |
| Oracle | password | pwd | VARCHAR(32) |
| DB2 | user ID | uid | char(9) |
| DB2 | password | pwd | char(9) |
| DB2 | database name | dbname | char(9) |

We recommend leaving the call to dbid() unchanged, and adding logic immediately before the database connect statements to populate the appropriate variables. Ensure that you add all code that the DBMS requires. For example, verify that the arr and len elements are populated correctly for VARCHAR. We also recommend that all AEENV files contain character strings as placeholders for the database connection information. These character strings do not have to contain valid connection information.

After modifying the user exit, use the build command $IEFH/make/mkdbs to precompile, compile, and archive the database connection module for linking all applications to use the new logic.

Recreate the shared libraries for the runtime from the updated archive libraries. The simplest modification is to add strcpy() statements to the code to set the host variables. This approach hard-codes the values for the database connection information into the user exit and requires taking appropriate file security measures. For greater security, add a call to an encryption routine.
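
A bare strcpy() does not check a value against the declared sizes in the host variable table, and for VARCHAR it leaves len unset. The following is an added example, not CA Gen code: plain C helpers that populate the variables with length checks and reject over-long values instead of truncating them. The `varchar32` struct (a stand-in for what Pro*C generates from a VARCHAR declaration), the helper names, and the reading of char(9) as a NUL-terminated buffer are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in for what Pro*C generates from "VARCHAR uid[32];" (assumed layout). */
typedef struct { unsigned short len; unsigned char arr[32]; } varchar32;

/* Overwrite a buffer through a volatile pointer so the compiler keeps the stores. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *b = p;
    while (n--) *b++ = 0;
}

/* Fill a VARCHAR host variable: bytes in arr, byte count in len. arr carries
   no NUL terminator, so all 32 bytes are usable. Returns -1 if empty or too long. */
int set_varchar32(varchar32 *v, const char *s) {
    size_t n = s ? strlen(s) : 0;
    wipe(v, sizeof *v);                           /* no stale bytes past len */
    if (n == 0 || n > sizeof v->arr) return -1;   /* reject, never truncate */
    memcpy(v->arr, s, n);
    v->len = (unsigned short)n;
    return 0;
}

/* Fill a DB2 char(9) host variable, assumed NUL-terminated: 8 characters at most. */
int set_char9(char dst[9], const char *s) {
    size_t n = s ? strlen(s) : 0;
    wipe(dst, 9);
    if (n == 0 || n > 8) return -1;
    memcpy(dst, s, n);
    return 0;
}

/* Populate both Oracle variables or neither, so the connect statement never
   runs with one stale and one fresh value. Wipe pwd again after the connect. */
int fill_oracle(varchar32 *uid, varchar32 *pwd, const char *user, const char *pass) {
    if (set_varchar32(uid, user) == 0 && set_varchar32(pwd, pass) == 0) return 0;
    wipe(uid, sizeof *uid);
    wipe(pwd, sizeof *pwd);
    return -1;
}
```

In the user exit itself, the same checks would apply to the generated uid and pwd variables immediately before the connect statement, with the exit returning an error when a helper reports -1.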