Progress
Programming
Handbook
Validating Progress User IDs and Passwords
If the security administrator establishes a list of valid user IDs, then your application must prompt the user for a user ID and password at connection time. Typically, an application does this by running the standard Progress startup procedure,
_prostar.p
. This procedure, in turn, runs the standard Progress authentication procedure,_login.p
, for each connected database. (Authentication is the process of verifying a user’s identity.)The
_prostar.p
procedure also prepares_login.p
to run appropriately in the current application environment (character or graphical) and verifies that no connected databases have the logical name DICTDB. This allows_prostar.p
to assign the same alias (DICTDB) to each connected database before calling_login.p
. Then,_login.p
can authenticate access as it is called for each different database using the same database name.This is the
_login.p
procedure:
The
_login.p
procedure uses the Progress SETUSERID function to check the user ID and password that the user enters. The user has three tries to enter the correct user ID and password for each database. If the user fails to do so after three tries, Progress exits the user from the database. If the user ID and password combination is valid for the database, SETUSERID establishes that user ID for the connection.The input parameter for
_login.p
allows it to display the authentication prompts either in a dialog box (viewAsDialog = TRUE) or in the frame of a separate window (viewAsDialog = FALSE). The_prostar.p
procedure uses a separate window in graphical environments and the default window in character environments, so it always passes FALSE as an argument to_login.p
.As explained earlier, the
_login.p
procedure only works for a database with the DICTDB alias. (By default, this alias is assigned to the first database you connect to during a session.) If you want to avoid this restriction, you can create your own procedures, based on_prostar.p
and_login.p
, that pass an argument for the database name.If the application does not run
_prostar.p
at connection time, or if the user bypasses_login.p
(by pressing END–ERROR when prompted for the user ID and password), then the user is assigned the blank user ID. While blank user IDs can connect to the database, they cannot access data protected by compile-time and run-time security.If you connect to a database dynamically using the CONNECT statement, you can use the User ID (–U) and Password (–P) connection parameters in the CONNECT statement, or you can use the SETUSERID function after the connection.
The following procedure connects to the mywork database that has a list of valid users. The user initially connects to the database with a blank user ID. The code then enters a loop that forces the user to provide a valid user ID and password for that database:
Copyright © 2004 Progress Software Corporation www.progress.com Voice: (781) 280-4000 Fax: (781) 280-4095 |