A typical UltraLite database contains one user ID and password. UltraLite databases are created with a default user ID of DBA and default password of sql unless otherwise specified. UltraLite Java edition databases are created with a default password of DBA.
Changing the user schema is optional and not required. Many applications do not need database-level authentication and assume that a device level password is sufficient authentication to access an application and its data.
Common reasons for not authenticating users may be because the deployment is to a single-user device, or that it is too awkward to prompt a user each time they start the application.
You do not need to include a user ID or password in the database connection string if you do not need database-level authentication. The simplest UltraLite connection string is DBF=filename. The remainder of this section explains how UltraLite implements user IDs and describes how to use them for cases where you need explicit user authentication.
When developing an UltraLite application with a custom user authentication interface, you can effectively use the UltraLite user IDs and password hashes stored in an UltraLite database to validate user-supplied credentials and avoid creating your own password hashing algorithm. By adding users to your UltraLite database, you store their user IDs and password hashes. You can then validate the user-supplied credentials in your application by attempting to connect to the database with the UID and PWD connection parameters, where UID=username and PWD=password. A successful UltraLite database connection indicates that the user is authentic.
Unlike SQL Anywhere users, UltraLite users are created and managed solely for authentication and not for object ownership or specific database roles and privileges. Once users are authenticated, they gain full access to the database.
By creating user IDs and passwords, you control connections to the UltraLite database but do not secure the data in the database file. The contents are stored as plain text and can be read directly.
To secure the database contents, it is recommended that you encrypt the file. When you encrypt the file, you can authenticate users with an encryption key rather than a user ID and password.
You can obfuscate the file to alter the storage so that data is not stored as plain text, but this approach does not secure the data.
UltraLite user IDs are different from MobiLink user names.
Discuter à propos de cette page dans DocCommentXchange.
|Copyright © 2013, SAP AG ou société affiliée SAP - SAP Sybase SQL Anywhere 16.0|