Re: Any other way to supply userid/password?

[David Donnelly <Dave@ISISBIO.COM>]

        Thanks for the ideas on this subject.  I don't have an elegant solution 
so far.  Here are the suggestions:

>1) Define an environment variable and then reference it with
>   %my_var% in your .BAT file.  This is limiting since it
>   requires that the variable be defined in the environment
>   and therefore is visible to any user.  If you're less
>   worried about users seeing it than you are about people
>   who can simply browse the file system where the bat files
>   are created, this may be a viable solution for you.

        I have done this in the past, and it works, but it's insecure.  I think 
it's less secure than passing the connect info in even a hidden file, as it 
stays around when the job is not running.

>
>2) A much more complicated solution is to write your own little
>   C program which invokes SQR and passes the username and password
>   to it.  The C program could then read an encrypted username and
>   password from a visible file, decrypt it, and then invoke SQR.


        This is what I'm doing now, and am trying to simplify.  We link a front 
end onto SQR itself, but this requires that we send our clients updates rather 
than let them deal with Sqribe themselves.  I did write a calling program (in 
SQR, not C!!) and it works OK in NT, but seemed to have some problems in 
Windows 95.  But a C program is probably how I'll have to go.

>If you use the process scheduler you can pass 'em in on the command line via
metastrings.

        Thanks, this isn't a PeopleSoft situation.  I suppose this is kinda 
like the environment variable technique, above.  Hey, anybody ever use 
WinBatch?  Would that help?

>>I don't know how easy this would be for you, but since SQR allows you to
"connect" to a new Userid/password combination, you could create a user which is
very restricted, and the only access is to a table which contains the encrypted
id/password.  SQR would retrieve this, decrypt it (either a simple crypt which
you could write in SQR, or a complex one with a custom function) and issue the
connect command.  This would be slightly more secure than #1 and more or less
than #2 depending on how much work you would like to do...

        This was so exciting I tried it right away.  Alas, SQR won't compile my 
programs because it can't find any of the tables during the parse.  I can't use 
compiled SQR for other reasons.  Dynamic SQL would work but I'm not up for 
rewriting it all.

        I also tried just using a slash and -xl but if you do this you can't 
put any sql in the program.

>>You can also place all of your report input parms in a file (including the
password/id field) and specify @filename.dat on the command line.   The batch or
SQR programs could then delete the file when it's done.  You can also combine
some of these as you see fit!

        This would be perfect but it didn't work for me ... if I have "sqrw 
programname @x.dat" SQR pops up a dialog box to ask for the userid/password ... 
 Anyone have a different invocation that lets you get the connectivity info 
from a file?

        Thanks, and keep 'em coming, I'll try 'em.  Did anyone ever ask Sqribe 
why this isn't supported?




Dave Donnelly           <dave@isisbio.com>  or  <isisdave@usa.net>
ISIS BioComp            phone (909) 677-2446      fax (909) 677-3991