15.10 - Trusted Sessions - ODBC Driver for Teradata

ODBC Driver for Teradata User Guide

prodname
ODBC Driver for Teradata
vrm_release
15.10
category
User Guide
featnum
B035-2509-035K

Trusted Sessions provides more security to applications that interface between users and the database, especially in cases where users can submit their own SQL query commands.  It prevents a user from possibly submitting "SET QUERY_BAND" commands to change a proxy user.  Trusted sessions are supported in Teradata database 13.10 or later.

The database does not allow SET QUERY_BAND SQL to set/change a proxy user on a session having GRANT CONNECT THROUGH privilege with the ‘WITH TRUST_ONLY’ option, unless it is submitted as a trusted SQL request.  The ODBC Driver submits an SQL as trusted only when an SQL_ATTR_TRUSTED_SQL(13010) statement attribute is set by calling SQLSetStmtAttr() with a value SQL_TRUE.  Immediately after SQLExecute() or SQLExecDirect() is called, SQL_ATTR_TRUSTED_SQL will be reset to the default value SQL_FALSE.

For more information on the GRANT CONNECT THROUGH privilege, please refer the database manual SQL Data Control Language.

The following is sample code to send a trusted SQL:

……….
……….
RETCODE result;
result = SQLSetStmtAttr(StatementHdl, SQL_ATTR_TRUSTED_SQL, (SQLPOINTER)SQL_TRUE, SQL_IS_UINTEGER);
if (SQL_SUCCESS == result)
{
/ After SQL execution, the SQL_ATTR_TRUSTED_SQL attribute value will be reset to SQL_FALSE
// to prevent any further use of SET QUERY_BAND until you change the attribute to SQL_TRUE once again.
        
result = SQLExecDirect(yourStatementHdl, (SQLTCHAR *) "SET QUERY_BAND='proxyuser=user1;' FOR SESSION; ", SQL_NTS);vt
if (SQL_SUCCESS != result)
{
// Handle error
}
}
else
{
// Handle error
}