JDBC LDAP connection with encrypted password

Connectivity

JDBC LDAP connection with encrypted password

I am connecting to Teradata via JDBC and LDAP using the following URL format:

jdbc:teradata://myserver/LOGMECH=LDAP,LOGDATA=username@@password

The problem here is that the password is being sent out over the network as plaintext. Is there a way to make this connection so that the password is encrypted? It is my understanding that ENCRYPTDATA only encyrpts the data and not the password, so that would not be a solution for this problem.

Thanks,

Scott

Tags (3)
1 REPLY
Teradata Employee

Re: JDBC LDAP connection with encrypted password

Question: The problem here is that the password is being sent out over the network as plaintext. Is there a way to make this connection so that the password is encrypted?

Answer:

The credentials (username and password) are always encrypted before being sent over the network to the Teradata Database. That feature has been present since Teradata Database V2R5.1 in 2003.

Question: It is my understanding that ENCRYPTDATA only encyrpts the data and not the password

Answer:

The credentials (username and password) are always encrypted before being sent over the network to the Teradata Database, regardless of the setting of the ENCRYPTDATA connection parameter.

Specifying the ENCRYPTDATA=ON connection parameter encrypts all the network traffic between the Teradata JDBC Driver and the Teradata Database. To be completely clear, the credentials (username and password) are encrypted when the ENCRYPTDATA=ON connection parameter is specified. Specifying the ENCRYPTDATA=ON connection parameter does not decrease message traffic encryption; it only increases message traffic encryption.

Finally, if you are only using the LOGDATA connection parameter for username and password, you can instead use the standard JDBC API method arguments for username and password, because you may find them to be more convenient.

Connection con = DriverManager.getConnection("jdbc:teradata://myserver/LOGMECH=LDAP", user, password);