Channel: SCN: Message List - SAP SQL Anywhere

Re: Passing Arguments to Login-Procedure


Hi Stefan,

 

See the following sqlanywhere-forum thread for more details about changing the connection string after login - it can't be done (and really isn't intended for that purpose):

http://sqlanywhere-forum.sap.com/questions/8730/is-there-a-way-to-set-con-property-connection-apart-from-the-connection-…

 

So in summary, no, there isn't a way to change the connection name, and as Arcady points out, it isn't a very secure mechanism to transfer passwords. Arcady is also correct in that you should call the login procedure directly from your application.

 

There are two issues here:

 

1) Changing connection name information after login / passing information around on your connection

 

Instead of storing the information in the 'Name' connection property, you probably just want to use a connection-level variable or a custom user-specified database option (created by 'DBA' authority in SQL Anywhere 12 and lower or with the SET ANY USER DEFINED OPTION privilege in SQL Anywhere 16) to pass along information from the login procedure:

 

    CREATE VARIABLE myVar VARCHAR(100);
    SET myVar = 'Hello, World!';

    ...

    SELECT myVar;

 

or

 

    SET OPTION PUBLIC.custom_option = 'default';
    ...
    SELECT * FROM SYS.SYSOPTION;

 

2) Creating a secure, custom, login procedure against another table

 

If you're going to be using just one database user with one set of permissions, you should look to pass the custom authentication information after the database connection has been made (hopefully over a strongly encrypted connection, for maximum security), and ideally using a prepared statement with bound parameters from the programming API you're using. Your application can then handle any SQL exceptions that are thrown from the login procedure statement and log out the user from the application at that time.

 

You are correct in that this will need to be done outside of the original login procedure (that should really be verifying the supplied database username and password).

 

e.g. in Java:

 

    import java.sql.Connection;
    import java.sql.DriverManager;
    import java.sql.PreparedStatement;
    import java.sql.SQLException;

    // Connect as the single database user
    Connection con = DriverManager.getConnection( "jdbc:sqlanywhere:uid=DBA;pwd=sql" );

    String sqlStr = "CALL sp_custom_login( ?, ? )";

    // Prepare the statement
    PreparedStatement stmt = con.prepareStatement( sqlStr );

    // Set values as bound parameters (Java strings use double quotes)
    stmt.setString( 1, "userName" );
    stmt.setString( 2, "password" );

    // Execute the statement
    try {
        int iRows = stmt.executeUpdate();
    } catch (SQLException ex) {
        // Can't log in - log user out of application...
        ex.printStackTrace();
    }

 

Regards,

 

Jeff Albion

SAP Active Global Support
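The server side of the `CALL sp_custom_login( ?, ? )` statement above, combined with the connection-level variable from point 1, as an added example that is not part of the original post. The `app_users` table, its columns, the salted SHA-256 storage format, the error number 17001 and the variable name `app_user` are all assumptions made for illustration.

```sql
-- Constructed table for illustration; not from the original post.
CREATE TABLE app_users (
    user_name  VARCHAR(128) NOT NULL PRIMARY KEY,
    salt       VARCHAR(64)  NOT NULL,
    pass_hash  VARCHAR(64)  NOT NULL   -- hex SHA-256 of salt || password (assumed format)
);

-- Hypothetical body for the procedure the Java code calls.
CREATE PROCEDURE sp_custom_login(
    IN p_user VARCHAR(128),
    IN p_pass VARCHAR(128) )
BEGIN
    DECLARE v_salt VARCHAR(64);
    DECLARE v_hash VARCHAR(64);

    -- Parameters arrive bound, so they are compared as data, never parsed as SQL.
    -- If no row matches, v_salt and v_hash stay NULL.
    SELECT salt, pass_hash INTO v_salt, v_hash
      FROM app_users
     WHERE user_name = p_user;

    -- Return the same error for an unknown user and a wrong password,
    -- so the caller cannot tell which one failed.
    IF v_hash IS NULL
       OR HASH( v_salt || p_pass, 'SHA256' ) <> v_hash THEN
        RAISERROR 17001 'Application login failed';
        RETURN;  -- stop here even if continue_after_raiserror is On
    END IF;

    -- Record the authenticated application user in a connection-level
    -- variable instead of trying to rewrite the connection name.
    IF VAREXISTS( 'app_user' ) = 0 THEN
        CREATE VARIABLE app_user VARCHAR(128);
    END IF;
    SET app_user = p_user;
END;
```

The RAISERROR surfaces in the Java code as the `SQLException` caught around `executeUpdate()`, and later statements on the same connection can read the identity with `SELECT app_user;`. A single SHA-256 pass is used only to keep the example short; a slower, purpose-built password-hashing scheme is the stronger choice for stored credentials.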

