Before users of your application can access SQL data, they must log into a SQL data source. When a user first attempts to perform a task on the data source, such as opening a table, a dialog will be displayed prompting them to log in. The Login window is shown in the following illustration.
The data source name is created using the administrative functions of the ODBC drivers. The user ID and passwords are created using your database management system (DBMS). Refer to your ODBC and DBMS documentation for information on valid syntax for the data source, user ID and password fields.
The login process verifies that the specified user has access to the selected data source, and confirms that the password entered is associated with that user. If the login is successful, the user can perform operations on the data source. The user doesn’t have to log in again for subsequent database operations.
A login may fail for any of the following reasons:
In some cases, you may want to control when the user logs into a SQL data source. You can use the Login_OpenDexDialog() function to open and control Dexterity’s Login window, rather than have the Login window open automatically when user first performs a database operation.
For security and consistency reasons, we recommend that your application require users to log in as soon as the application is started.
If you don’t want to use Dexterity’s Login window, you can use functions from the Login function library to incorporate the login process into one of your application’s windows. Creating your own window will allow you to combine logging into your application with logging into the data source.
While you may want to create your own Login window to control user access to certain resources, you can rely on the data source security to provide a basic level of security for your application. To do this, you must require a user to log into the data source before your application starts.
The SQLNumInitialConnections defaults file setting can be used to force a user to log in before your application is started. If the number of initial connections required is one or more, the specified number of connections to the data source must be established before your application will start. The Dexterity Login window will automatically be used to prompt the user for login information. If the login fails, the user will be prohibited from opening and using your application.
Two other defaults file settings can affect the security of your application: SQLNumLoginTries and SQLPassword.
Not including the SQLUser and SQLDataSource settings in the defaults file won’t reduce the security vulnerability if the Dexterity Login window is used. In the absence of those two settings, Dexterity will add the SQLLastDataSource and SQLLastUser settings to the defaults file once a user has accessed a data source from that workstation. Excluding the SQLPassword setting from the defaults file will help ensure the security of your application.
The SQLPassword setting was created to allow developers to quickly and easily test their applications. To preserve client security, we recommend that it not be used in an application’s release version.