16.20 - Preventing Unauthorized Use of Query Banding by Proxy Users - Teradata Database - Teradata Vantage NewSQL Engine

Teradata Vantage™ SQL Data Definition Language Syntax and Examples

Product
Teradata Database
Teradata Vantage NewSQL Engine
Release Number
16.20
Published
March 2019
Content Type
Programming Reference
Publication ID
B035-1144-162K
Language
English (United States)
Last Update
2019-05-24

If no restrictions are imposed, a proxy user could use a SET QUERY_BAND statement to change the proxy user for the session and possibly make unauthorized access to the database. However, use the GRANT CONNECT THROUGH statement and the WITH TRUST ONLY clause to instruct the database to honor SET QUERY_BAND statements that set or update a proxy user only if they are part of a trusted request. You also must program the application trusted user to flag each request as trusted or not trusted to prevent unauthorized use of SET QUERY_BAND to change of the proxy user for a trusted session.