1. Interoperability Guide
  2. JDBC Driver Security Considerations

JDBC Driver Security Considerations

JD Edwards EnterpriseOne JDBC drivers require a user name and password for authentication. At the same time, the same user name is authorized for the environment and role, which are passed in the connection URL. If you do not specify a role in the connection URL, the system uses *ALL. This model poses a serious security risk and a high maintenance requirement for third-party systems where a single JDBC connection is shared across multiple users.

To alleviate this problem, the JD Edwards EnterpriseOne JDBC drivers allow for a proxy authentication model by way of the impersonate connection property. In this model, the authentication and authorization are separated into two steps:

  1. All users are authenticated through the security server with a sign-on EnterpriseOne proxy user name and password.

    Important:

    If you are using a Type 3 JDBC driver, this user name must be the same as the JDBj Bootstrap session user ID of the Data Access Server instance to which you are connecting.

  2. The impersonate user name that is passed in the connection property, is authorized for the environment and role. If you do not specify a role in the connection URL, the system uses *ALL.