The security mechanism available with SQL in a network environment includes the same basic security model described in section 8.1.3. This mechanism depends upon correct user identification in order to be effective. When SQL is used on a network by remote login, user authentication is provided by the remote login mechanism. When SQL is used on a network by means of transparent file access, user authentication is provided by the login mechanism on the TFA client and file access is controlled by the TFA server. When SQL is used on a network by means of RDA, it is the SQL'92 statement connect which contains a character string which identifies the user. Currently, this character string is the only means available within the SQL and RDA specifications to attach user identification and credentials.
Several implementations of SQL in a network environment are currently marketed. However, these implementations do not use the RDA protocol. Each uses its own protocol so that a SQL client from one vendor and an SQL server from another vendor do not interoperate. These implementations may use several different protocols to support their SQL network implementation. These protocols include TCP/IP, DECnet, and SNA.
Within some of these implementations, the user name and password make up the user identification string in the SQL connect command and this string is passed in plain text across the network. From a security point of view, that this string is passed in plain text is not good practice.
SQL, in the specification of its use with RDA and in most of its implementations in a network environment, is dependent on external support for security mechanisms. See chapters 9 and 10 for a description of vulnerabilities and security mechanisms in a network environment.