The OpenEdge DataServer for Oracle does not require its own authentication. Users connecting through Oracle client libraries from a DataServer application need to provide only their foreign data source credentials to make a connection.

A secure connection to a foreign database can be made in three different ways:

  • Wait for the Data Administration tool to prompt you for your data source user ID and password.
  • Provide the -U and -P parameters during OpenEdge client startup or in a parameter (.pf) file.
  • Add the user ID and password in the Connection Parameters field of your logical database; they are picked up for processing with the foreign data source connection.

The OpenEdge DataServer for Oracle supports encoding user credentials. Use the genpassword utility to securely encode user credentials for foreign databases by specifying an encoding prefix, for example ae2h1. For more information, see genpassword and Encoding prefix.

Note:
  • Oracle DataServer does not support BASE64 encoding. Therefore, using an encoding prefix such as ae2b1, ae2b2, and similar will result in an error.
  • The default prefix for encoding login credentials is ae2h1.
  • When creating user credentials, it is recommended to avoid using any encoding prefixes supported by the genpassword utility. For example, ae2h1 should not be used as either a username or password.

Alternatively, you can use the ENCRYPT-AUDIT-MAC-KEY() method to encode a password for a database connection. For example, the following ABL code demonstrates how OpenEdge applications can use ENCRYPT-AUDIT-MAC-KEY() to securely encode user credentials for foreign databases by specifying the ae2h1 encoding prefix:
DEFINE INPUT PARAMETER cUserID AS CHARACTER NO-UNDO.
DEFINE INPUT PARAMETER cPasswd AS CHARACTER NO-UNDO.

CONNECT <schema-holder> -1 NO-ERROR.

/* self service */
CONNECT <logical-database> -ld <logical-database> -dt ORACLE
    VALUE( " -U " + cUserID + " -P " +
           AUDIT-POLICY:ENCRYPT-AUDIT-MAC-KEY(cPasswd, "ae2h1")) NO-ERROR.

/* client/server */
CONNECT <logical-database> -ld <logical-database> -dt ORACLE
    VALUE( " -U " + cUserID + " -P " +
           AUDIT-POLICY:ENCRYPT-AUDIT-MAC-KEY(cPasswd, "ae2h1"))
    -H <host> -S <port> NO-ERROR.

In this example code, cUserID and cPasswd represent credentials entered by a user to authenticate and establish identity for the database connection. The encoded password is passed as the value of the -P (Password) connection parameter. These credentials are encoded internally on behalf of the application, ensuring that clear text is neither visible to the application nor transmitted over the connection. This security policy is enabled by default.

You can still choose to store credentials in clear text within the dictionary. However, if you encode the credentials as shown in the example, they remain encoded while stored in the schema holder and are automatically decoded by the DataServer when authentication is required for the foreign data source connection.

For more information on setting an encoded password value, see ENCRYPT-AUDIT-MAC-KEY( ) method.
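
The following check is an added example, not code from the OpenEdge documentation: it audits parameter (.pf) file text for -U and -P values that are stored in clear text, that use a BASE64 prefix the Oracle DataServer rejects, or that collide with an encoding prefix. It assumes encoded values take the form prefix::value and that # starts a comment in a .pf file; the function names and sample content are constructed for illustration.

```python
import re
import shlex

# Prefixes named on this page. The "::" separator between prefix and encoded
# value is an assumption about the encoded form, not stated on the page.
HEX_PREFIXES = {"ae2h1"}
BASE64_PREFIXES = {"ae2b1", "ae2b2"}
PREFIX_RE = re.compile(r"^([a-z0-9]{5})::(.+)$")

def classify_password(value):
    """Classify a -P value as encoded, unsupported-base64, unknown-prefix or cleartext."""
    m = PREFIX_RE.match(value)
    if not m:
        return "cleartext"
    prefix = m.group(1)
    if prefix in BASE64_PREFIXES:
        return "unsupported-base64"   # Oracle DataServer errors on these
    if prefix in HEX_PREFIXES:
        return "encoded"
    return "unknown-prefix"           # looks encoded, needs manual review

def audit_pf(text):
    """Return (line_no, finding) tuples for -U/-P problems in .pf file text."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        tokens = shlex.split(line, comments=True)  # '#' comment syntax assumed
        for flag, value in zip(tokens, tokens[1:]):
            if flag == "-U" and value in HEX_PREFIXES | BASE64_PREFIXES:
                findings.append((no, "user ID collides with an encoding prefix"))
            elif flag == "-P":
                kind = classify_password(value)
                if kind != "encoded":
                    findings.append((no, "password is " + kind))
    return findings

# Constructed sample; the encoded values are placeholders, not real output.
SAMPLE_PF = """\
# DataServer connection parameters
-db orasports -ld orasports -dt ORACLE
-U scott -P tiger
-U appuser -P ae2h1::0123abcd
-U batch -P ae2b1::c2VjcmV0
-U ae2h1 -P ae2h1::89ef
"""

if __name__ == "__main__":
    for line_no, finding in audit_pf(SAMPLE_PF):
        print(f"line {line_no}: {finding}")
```

Parameter names are matched case-sensitively, so -P (Password) is not confused with other startup parameters that differ only in case.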

The following table outlines encoding compatibility and connection behavior between different OpenEdge client and server version combinations:

| Client version | Server version | Encoding compatibility | Connection behavior |
|---|---|---|---|
| 12.2.18 or earlier | 12.2.18 or earlier | Supported | Connects successfully |
| 12.2.19 or later | 12.2.18 or earlier | Not supported | Fails to connect |
| 12.2.18 or earlier | 12.2.19 or later | Not supported | Fails to connect |
| 12.2.19 or later | 12.2.19 or later | Supported | Connects successfully |

Note:
  • Encoding requires that both the OpenEdge client and server are on compatible versions. For example, connecting an OpenEdge 12.2.19 or later client to a 12.2.18 or earlier server may fail due to lack of support for newer encoding mechanisms in older server versions.
  • Compatibility is maintained between 12.2.19 and later versions.