Trusted context and trusted connection
A trusted context is a database object that defines a trust relationship for a connection between the database and an external entity such as an application server. The trust relationship is based upon the following set of attributes:
- System authorization ID: Represents the user that establishes a database connection
- IP address (or domain name): Represents the host from which a database connection is established
- Data stream encryption: Represents the encryption setting (if any) for the data communication between the database server and the database client
When a user establishes a database connection, the DB2 database system checks whether the connection matches the definition of a trusted context object in the database. When a match occurs, the database connection is said to be trusted.
To prevent access to sensitive information in the 'credit_card' table from outside the organizational premises, the J.K.Avro superstore decides to require a trusted connection, defined by a trusted context object, for that access.
Operation
On Windows, open a command window and enter ipconfig /all. From the output, obtain the IP address of the system.
On UNIX/Linux, open a terminal and enter ifconfig. From the output, obtain the inet addr (the IP address) of the system. Newer Linux distributions may not ship ifconfig; there, ip addr show lists the same address under inet. If the system has several interfaces, use the address of the interface through which the client actually reaches the database server, because that is the address the server compares against the trusted context.
On the right pane, click Edit Query. Replace ~~~~ipaddress~~~~ with the IP address of the system and run the statement to create the trusted context object.
Create trusted context Object
The SECADM of J.K.Avro superstore creates a trusted context object called trCtx. A trusted connection using this object can be established only from one particular IP address (or domain name) and only by the system authorization ID joe. A connection by joe from any other address, or by any other authorization ID from that address, does not match trCtx and is an ordinary, non-trusted connection.
Note that localhost and 127.0.0.1 are not accepted as the address of a trusted context, which is why the lab requires the system's real network address.
Behavior of trusted context trCtx:
- Joe holds the privileges of the default role 'Mgr' while connected through the trusted connection, and only then.
- Sue and Bob are also listed as users of the trusted context, so the trusted connection can be switched to either of them.
- Switching the connection from Joe to Sue requires Sue's password for authentication. Once authenticated, Sue also receives the default Mgr role privileges.
- Switching the connection from Joe to Bob requires no authentication. After the switch, Bob receives only the custService role privileges.
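The statements below are added here as an example of how the trust relationship from the first section and the trCtx behaviour listed above are expressed in DB2 SQL; they are not copied from the lab's query pane. The context name trCtx, the roles Mgr and custService, the table credit_card and the authorization IDs pat, joe, sue and bob come from the page; the address placeholder ~~~~ipaddress~~~~ is the page's own and must be replaced as in the Operation step. The CREATE ROLE and GRANT statements are an assumption about how the Mgr role obtains its access to credit_card, which the page does not spell out.

```sql
-- Run as pat, who holds SECADM: CREATE TRUSTED CONTEXT requires SECADM authority.

-- Assumption: the roles do not exist yet, so create them here.
CREATE ROLE Mgr;
CREATE ROLE custService;

-- Assumption: SELECT on credit_card is granted only to the Mgr role and never
-- directly to joe, sue or bob. Nobody holds Mgr outside the trusted context,
-- so the table is unreachable from a non-trusted connection.
GRANT SELECT ON TABLE credit_card TO ROLE Mgr;

CREATE TRUSTED CONTEXT trCtx
  BASED UPON CONNECTION USING SYSTEM AUTHID joe      -- only connections made by joe can match
  ATTRIBUTES (ADDRESS '~~~~ipaddress~~~~',           -- replace; localhost / 127.0.0.1 are rejected
              ENCRYPTION 'NONE')                     -- 'LOW' or 'HIGH' would also require an encrypted data stream
  DEFAULT ROLE Mgr                                   -- joe acquires Mgr only inside the trusted connection
  ENABLE                                             -- a DISABLEd context never matches
  WITH USE FOR
       sue WITH AUTHENTICATION,                      -- switch to sue needs her password; no ROLE clause, so she gets the default role Mgr
       bob ROLE custService WITHOUT AUTHENTICATION;  -- switch to bob needs no password and replaces Mgr with custService
```

All three attributes must match for the connection to be trusted: the system authorization ID, the address the server sees the connection arriving from, and at least the listed encryption level. One caveat for the lab: a connection that matches trCtx without the application explicitly asking for a trusted connection (for example joe connecting from the listed address through the command line processor) is an implicit trusted connection. Joe still acquires Mgr, but switching the connection to sue or bob is possible only on an explicit trusted connection, which an application requests through the trusted-context connection attributes of the CLI, JDBC or .NET drivers.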
Solution
SECADM pat successfully creates the trusted context object. When Joe connects to the database through a trusted connection, he is able to access the table data. When he connects through a non-trusted connection (for example from an address other than the one in trCtx), he cannot access the table data, because the Mgr role and its privileges on credit_card are available to him only inside the trusted context.
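The queries below are added as an example of how to verify the outcome described in the Solution; they are not part of the lab. The catalog views SYSCAT.CONTEXTS, SYSCAT.CONTEXTATTRIBUTES and SYSCAT.CONTEXTUSERS and the SESSION_USER and SYSTEM_USER special registers are DB2 for Linux, UNIX and Windows names as I know them; check the column names against the documentation for your release. Identifiers are in uppercase because they were created without delimiters.

```sql
-- Step 1 (as pat, or any ID that can read the catalog): confirm the stored
-- definition of trCtx is what the SECADM intended.
SELECT contextname, systemauthid, defaultrole, enabled
  FROM syscat.contexts
 WHERE contextname = 'TRCTX';           -- systemauthid JOE, defaultrole MGR, enabled Y

SELECT attr_name, attr_value
  FROM syscat.contextattributes
 WHERE contextname = 'TRCTX';           -- the ADDRESS row must hold the substituted address, never 127.0.0.1

SELECT authid, role, authenticate
  FROM syscat.contextusers
 WHERE contextname = 'TRCTX';           -- one row for SUE (authentication required) and one for BOB (not required)

-- Step 2 (as joe): the same statement succeeds on a trusted connection and
-- fails with SQL0551N (no required privilege) on a non-trusted one, because
-- Mgr is in effect only inside trCtx.
SELECT COUNT(*) FROM credit_card;

-- Step 3 (after the application has switched the explicit trusted connection
-- from joe to bob): the session now runs as BOB while the connection's system
-- authorization ID is still JOE, and credit_card is no longer readable since
-- custService holds no privilege on it.
SELECT SESSION_USER, SYSTEM_USER
  FROM sysibm.sysdummy1;
SELECT COUNT(*) FROM credit_card;       -- SQL0551N
```

The Step 1 queries are the check to run first whenever a trusted connection unexpectedly fails to match: a typo in the address, a disabled context or a wrong system authorization ID all show up there. Step 2 demonstrates the point of the lab: the privilege difference is created by the connection path, not by any grant to joe himself.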