17.05 - Teradata Client Software Enforcement of Trusted Sessions - Teradata Database

Teradata Vantage™ - SQL Data Control Language

Advanced SQL Engine
Teradata Database
June 2020
Programming Reference

Client software enables the enforcement of this security feature by providing code developers with the ability to indicate whether an SQL request is trusted or not. To do this for a CLIv2 application, use the Trusted flag of the CLIv2 Options parcel to specify Y if a request is trusted or N if a request is not.

You should always code your trusted user-based middle tier applications using Parcel Mode Fetch CLIv2 operations only. If you code the application using a CLIv2 Buffer Mode Fetch operation, it becomes possible for nontrusted users to construct their own Options parcels and inject nontrusted SQL code into the application.

Refer to either Teradata® Call-Level Interface Version 2 Reference for Workstation-Attached Systems, B035-2418 or Teradata® Call-Level Interface Version 2 Reference for Mainframe-Attached Systems, B035-2417, as appropriate, for detailed information about the Options parcel and how CLIv2 applications can be coded using Parcel Mode Fetch operations and the DBCAREA.

Each of the Teradata application APIs provides a mechanism for applications to specify whether requests are to be trusted or not. This mechanism prohibits an SQL request from being upgraded from a nontrusted status to trusted status. Refer to the appropriate Teradata Tools and Utilities documentation to determine how the API you are using for your middle tier application handles this feature.