I am implementing webservices in SQL Anywhere 10, and for some security reasons I want to implement two factor authentication using token (device/software) that generates OTP. I have found some open source token solutions, but I wanted to know whether there are some ready plug-ins or recommended token providers which can be used in such cases. |
I haven't heard about SqlAnywhere support of JWT or other tokens. You can use any server for this purpose (e.g. based on Java/nodejs or something else) and hide SA web services behind it.
I guess you shouldn't try to squeeze everything what this world invented into a poor SA10 (not even 17).
Thank you, just wanted to make sure, because some providers of OTPs write explicitly that they support a list of Databases (Oracle, MariaDB...etc).
hm... maybe they support different DB servers as a part of ADFS or other providers?
What I know is that every DB has users with passwords or certificates, and maybe the OTP generator is a stand-alone server that generates/resets the password for every user, or used as a part of IDP, that people use to login into the database. E.g. SAML or something like that. But again, in low-lever I haven't seen ODBC/JDBC support for SAML or even OAuth authentications. They come from the web-world, not from the DB-world.