Neoview User Management and Security Administration Guide (R2.5)
[ODBC Data Sources]
TDM_Default_DataSource = Neoview Data Source
[TDM_Default_DataSource] << --- DataSource section
Description = TDM_Default_DataSource
NeoviewCertificateDir = /h/bwell/custom/certdir <<-- overrides the one specified ion the ODBC section
Catalog = NEO
Schema = ODBC_SCHEMA
DataLang = 0
FetchBufferSize = SYSTEM_DEFAULT
Server = TCP:neo0101.parnet.com:18650
SQL_ATTR_CONNECTION_TIMEOUT = NO_TIMEOUT
SQL_LOGIN_TIMEOUT = SYSTEM_DEFAULT
SQL_QUERY_TIMEOUT = SYSTEM_DEFAULT
If you specify the directory in multiple ways—for example, if you specify it at installation and
then specify a different value in the connection string:
1. The connection attribute has higher precedence than
2. The connection string, which has higher precedence than
3. The value specified during ODBC driver installation, or in the MXODSN or odbc.ini file
Similarly, if you specify the certificate filename in both a connection attribute and a connection
string, the connection attribute takes precedence.
When the workstation application attempts to connect for the first time or connects with a
certificate that has expired, the ODBC driver:
1. Checks the location specified by SQL_ATTR_CERTIFICATE_DIR and
SQL_ATTR_CERTIFICATE_FILE (or the corresponding values in the connection string
or—in the case of the certificate directory—in the ODBC driver installation, MXODSN or
odbc.ini file) to determine whether a certificate exists at that location. If the application did
not specify a directory, the driver checks the user's home directory. If the application did
not specify a filename, the driver assumes the name SYSTEM_NAME.cer, where
SYSTEM_NAME consists of the first five characters of the Neoview platform name.
2. If no certificate for the Neoview platform exists at the expected location and if automatic
download is permitted, the driver downloads the certificate from the Neoview platform to
the location specified by SQL_ATTR_CERTIFICATE_ACTIVE. If the application did not
specify that attribute, the driver assumes the name SYSTEM_NAMEActive.cer, where
SYSTEM_NAME consists of the first five characters of the Neoview platform name. If automatic
download is prohibited, an error occurs.
Specifying the Certificate File Location in JDBC
The Neoview security infrastructure requires that a certificate be installed on each workstation
that connects to a Neoview platform. A system security policy, under the control of your Security
Manager, determines how the certificate is deployed to workstations:
• In some configurations, the JDBC driver automatically downloads a certificate to the
workstation when it first connects to a Neoview platform. Because the same workstation
can connect to multiple Neoview platforms, the driver downloads a unique certificate for
every Neoview platform to which the workstation connects.
• In configurations that do not permit automatic download, the certificate is deployed to your
workstation in accordance with your own corporate security procedures.
In either case, three new JDBC connection properties specify the location of the certificate file:
• certificateDir specifies the directory where the certificate resides. If you do not specify
this attribute, the home directory applies by default.
• certificateFile specifies the file where a new certificate is deployed. This is the location
to which a new certificate must be deployed if automatic download is prohibited. By default,
the filename is SYSTEM_NAME.cer, where SYSTEM_NAME consists of the first five characters
of the Neoview platform name.
• certificateFileActive specifies the filename of the certificate used for connection.
This is the location to which a certificate is automatically downloaded if automatic download
is permitted by the security policy. By default, the filename is SYSTEM_NAMEActive.cer,
where SYSTEM_NAME consists of the first five characters of the Neoview platform name.
When the workstation application attempts to connect for the first time or connects with a
certificate that has expired, the JDBC driver:
Secure Login and Multiple-Role Support in Neoview Clients 147