User ID and password security under the IBM Data Server Driver for JDBC and SQLJ
With the IBM® Data Server Driver for JDBC and SQLJ, one of the available security methods is user ID and password security.
To specify user ID and password security for a JDBC connection, use one of the following techniques.
For the DriverManager interface: You
can specify the user ID and password directly in the DriverManager.getConnection invocation.
For example:
import java.sql.*; // JDBC base
…
String id = "dbadm"; // Set user ID
String pw = "dbadm"; // Set password
String url = "jdbc:db2://mvs1.sj.ibm.com:5021/san_jose";
// Set URL for the data source
Connection con = DriverManager.getConnection(url, id, pw);
// Create connectionAnother method is to set the user ID and password directly in the
URL string. For example:
import java.sql.*; // JDBC base
…
String url =
"jdbc:db2://mvs1.sj.ibm.com:5021/san_jose:user=dbadm;password=dbadm;";
// Set URL for the data source
Connection con = DriverManager.getConnection(url);
// Create connectionAlternatively, you can set the user ID and password by setting
the
user and password properties
in a Properties object, and then invoking the form
of the getConnection method that includes the Properties object
as a parameter. Optionally, you can set the securityMechanism property
to indicate that you are using user ID and password security. For
example: import java.sql.*; // JDBC base
import com.ibm.db2.jcc.*; // IBM Data Server Driver for JDBC
// and SQLJ implementation of JDBC
…
Properties properties = new java.util.Properties();
// Create Properties object
properties.put("user", "dbadm"); // Set user ID for the connection
properties.put("password", "dbadm"); // Set password for the connection
properties.put("securityMechanism",
new String("" + com.ibm.db2.jcc.DB2BaseDataSource.CLEAR_TEXT_PASSWORD_SECURITY +
""));
// Set security mechanism to
// user ID and password
String url = "jdbc:db2://mvs1.sj.ibm.com:5021/san_jose";
// Set URL for the data source
Connection con = DriverManager.getConnection(url, properties);
// Create connection
For the DataSource interface: you
can specify the user ID and password directly in the DataSource.getConnection invocation.
For example:
import java.sql.*; // JDBC base
import com.ibm.db2.jcc.*; // IBM Data Server Driver for JDBC
// and SQLJ implementation of JDBC
…
Context ctx=new InitialContext(); // Create context for JNDI
DataSource ds=(DataSource)ctx.lookup("jdbc/sampledb");
// Get DataSource object
String id = "dbadm"; // Set user ID
String pw = "dbadm"; // Set password
Connection con = ds.getConnection(id, pw);
// Create connectionAlternatively, if you create and deploy the DataSource object,
you can set the user ID and password by invoking the DataSource.setUser and DataSource.setPassword methods
after you create the DataSource object. Optionally,
you can invoke the DataSource.setSecurityMechanism method
property to indicate that you are using user ID and password security.
For example:
…
com.ibm.db2.jcc.DB2SimpleDataSource ds = // Create DB2SimpleDataSource object
new com.ibm.db2.jcc.DB2SimpleDataSource();
ds.setDriverType(4); // Set driver type
ds.setDatabaseName("san_jose"); // Set location
ds.setServerName("mvs1.sj.ibm.com"); // Set server name
ds.setPortNumber(5021); // Set port number
ds.setUser("dbadm"); // Set user ID
ds.setPassword("dbadm"); // Set password
ds.setSecurityMechanism(
com.ibm.db2.jcc.DB2BaseDataSource.CLEAR_TEXT_PASSWORD_SECURITY);
// Set security mechanism to
// user ID and passwordValid characters in passwords: All characters in the ASCII range
X'20' (decimal 32) through X'7E' (decimal 126) are valid in passwords, except for the following characters:
- X'20' (space) at the end of a password. The IBM Data Server Driver for JDBC and SQLJ strips space characters at the end of a password.
- X'3B' (semicolon)
- Any characters that cannot be converted to EBCDIC characters, if passwords in plain text are sent to a data server.
RACF® password phrase security: If you are connecting to a Db2® for z/OS® that is configured for RACF protection, and the RACF version supports RACF password phrases, you can supply a RACF password phrase for the password property value, instead of a simple password. A password phrase must conform to the following rules:
- A password phrase is a character string that can consist of mixed-case letters, numbers, and special characters, including blanks.
- The length of the password phrase can be 9 to 100 characters, or 14 to 100
characters.
Password phrases of between 9 and 13 characters are allowed when the new-password-phrase exit (ICHPWX11) is installed on the z/OS system, and the exit allows password phrases of fewer than 14 characters.
- A password phrase must not contain the user ID, as sequential uppercase or sequential lowercase characters.
- A password phrase must contain at least two alphabetic characters (A through Z or a through z).
- A password phrase must contain at least two non-alphabetic characters (numerics, punctuation, or special characters).
- A password phrase must not contain more than two consecutive characters that are identical.
- If a single quotation mark (') is part of the password phrase, the single quotation mark must be represented as two consecutive single quotation marks ('').
The following example uses a password phrase for a connection:
import java.sql.*; // JDBC base
import com.ibm.db2.jcc.*; // IBM Data Server Driver for JDBC
// and SQLJ implementation of JDBC
…
Properties properties = new java.util.Properties();
// Create Properties object
properties.put("user", "dbadm"); // Set user ID for the connection
properties.put("password", "a*b!c@ D12345 678");
// Set password phrase for the connection
properties.put("securityMechanism",
new String("" + com.ibm.db2.jcc.DB2BaseDataSource.CLEAR_TEXT_PASSWORD_SECURITY +
""));
// Set security mechanism to
// user ID and password
String url = "jdbc:db2://mvs1.sj.ibm.com:5021/san_jose";
// Set URL for the data source
Connection con = DriverManager.getConnection(url, properties);
// Create connection