Trusted Sessions - ODBC Driver for Teradata

ODBC Driver for Teradata User Guide

Product
ODBC Driver for Teradata
Release Number
15.10
Language
English (United States)
Last Update
2018-10-07
dita:id
B035-2526
lifecycle
previous
Product Category
Teradata Tools and Utilities

Trusted Sessions provides more security to applications that interface between users and the database, especially in cases where users can submit their own SQL query commands.  It prevents a user from possibly submitting "SET QUERY_BAND" commands to change a proxy user.  Trusted sessions are supported in Teradata database 13.10 or later.

The database does not allow SET QUERY_BAND SQL to set/change a proxy user on a session having GRANT CONNECT THROUGH privilege with the ‘WITH TRUST_ONLY’ option, unless it is submitted as a trusted SQL request.  The ODBC Driver submits an SQL as trusted only when an SQL_ATTR_TRUSTED_SQL(13010) statement attribute is set by calling SQLSetStmtAttr() with a value SQL_TRUE.  Immediately after SQLExecute() or SQLExecDirect() is called, SQL_ATTR_TRUSTED_SQL will be reset to the default value SQL_FALSE.

For more information on the GRANT CONNECT THROUGH privilege, please refer the database manual SQL Data Control Language.

The following is sample code to send a trusted SQL:

……….
……….
RETCODE result;
result = SQLSetStmtAttr(StatementHdl, SQL_ATTR_TRUSTED_SQL, (SQLPOINTER)SQL_TRUE, SQL_IS_UINTEGER);
if (SQL_SUCCESS == result)
{
/ After SQL execution, the SQL_ATTR_TRUSTED_SQL attribute value will be reset to SQL_FALSE
// to prevent any further use of SET QUERY_BAND until you change the attribute to SQL_TRUE once again.
        
result = SQLExecDirect(yourStatementHdl, (SQLTCHAR *) "SET QUERY_BAND='proxyuser=user1;' FOR SESSION; ", SQL_NTS);vt
if (SQL_SUCCESS != result)
{
// Handle error
}
}
else
{
// Handle error
}