Client/Server Security Drivers

Client/server drivers handle aspects of networking security and login that are not handled by Uniface's default login behavior. A basic security driver is provided, which implements a Base64 encoding of sensitive data in message headers. You can create your own driver to provide the desired login functionality using the Security Driver API.

A client/server security driver enables you to control encoding and decoding of information in messages and headers, and to provide alternative username/password authentication. It can also provide customized extended login functionality that overrides the default extended login functionality provided by Uniface.

Encoding and Decoding

In Uniface applications that are distributed over a network, the client communicates with a server by initially sending a connect message to the Uniface Router. The connect message contains a user name and a password that are not encoded in any way. Once a connection is established, various types of messages are sent to the Uniface Router, depending on the actions the end user performs on the client. These messages have a message header that might contain a Uniface path description, so they might also contain a username and password—again, these are not encoded.

Encoding and decoding are extra activities that can degrade system performance, so the Security Driver API offers a choice as to what should be encoded and decoded. You can choose to implement a security driver that can do one or more of the following:

  • Encode and decode the connect message
  • Encode and decode sensitive message header data
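A check for whether a driver's output actually hides credentials, added here as an example (it is not Uniface code and does not use the Security Driver API): Base64 needs no key to reverse, so a header field protected only that way is still readable by anyone who can see the message. The path layout `connector:host+port|user|password|service`, the function names, and all sample values are assumptions constructed for this example.

```python
import base64
import binascii
import hashlib

# Constructed sample; the "connector:host+port|user|password|service" layout
# and every value below are assumptions made for this example.
SAMPLE_PATH = b"TCP:apphost+13001|appuser|S3cret!pw|userver"

def looks_like_path(data: bytes) -> bool:
    """True if data is printable ASCII in the assumed pipe-delimited layout."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return False
    return text.isprintable() and text.count("|") >= 3

def classify_field(field: bytes) -> str:
    """Report how well a header field hides the credentials it carries."""
    if looks_like_path(field):
        return "cleartext"
    try:
        decoded = base64.b64decode(field, validate=True)
    except (binascii.Error, ValueError):
        return "opaque"  # not Base64 at all, e.g. ciphertext bytes
    # Decoding needed no key: this is an encoding, not encryption.
    return "reversible-encoding" if looks_like_path(decoded) else "opaque"

def audit(fields: dict) -> dict:
    """Classify every captured field; anything not 'opaque' exposes credentials."""
    return {name: classify_field(value) for name, value in fields.items()}

# Constructed capture: the same path as sent with no driver, with a
# Base64-only driver, and a digest standing in for keyed-cipher output.
CAPTURE = {
    "no_driver": SAMPLE_PATH,
    "base64_driver": base64.b64encode(SAMPLE_PATH),
    "encrypting_driver": hashlib.sha256(SAMPLE_PATH).digest(),
}

if __name__ == "__main__":
    for name, verdict in audit(CAPTURE).items():
        print(f"{name:18} {verdict}")
```

Run against fields taken from your own test traffic, any result other than `opaque` means the user name and password are recoverable from the message without a key.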

The client/server security driver allows you to define your own username/password validation, but it does not provide the means to change the way a server is executed. This places some platform-specific restrictions on the username/password validation. For more information, see Restrictions for Client/Server Security Drivers.

Extended Login

Extended login functionality provides more information than is returned by the standard Uniface login function. During the connection process, the user name and password from the connect message are authenticated using the normal operating system authentication scheme. The user name and password must be a valid combination recognized by the server machine. The standard Uniface function that performs this authentication returns TRUE or FALSE, which does not convey a great deal of information.

Extended login functionality allows you to:

  • Pre-validate the user name and password
  • Retrieve any informational messages, such as password expiration or a temporarily blocked account
  • Change the password for an account

Extended login functionality is available only for Uniface Windows applications that connect to Uniface Servers running on Sun Solaris hosts.

You can create a security driver that provides your own extended login functionality, providing this behavior on other platforms or overriding the default Uniface behavior. If the security driver declares that it supports extended login functionality, it will be called to do so.

All network paths specified in the [XLOGIN] section of an application's assignment file will use the same security driver, if it is specified.
