Created On:  17 November 2010

Problem:

Can you hide the XA Open String from the Enterprise Server web admin page? Is it possible to hide the XA Open String from publically available Enterprise Server web administration pages? For security reasons, I don't want to expose the RDBMS connect criteria through the XA open string.

Resolution:

From Net Express 5.0 Websync 5, and the latest hotfix for Server Express 5.0 Websync 4, it is now possible to programmatically specify the XA open string within the switch module source itself.

The latest switch module sources are attached to this article.

Looking firstly at the DB2 (ESDB2XA.CBL) and Oracle (ESORAXA.CBL) switch modules, searching for CUSTOMIZE within the source, you will see code such as this, with the xa-open section.

        *> For example:
        *>
        *> MOVE z"DB=SAMPLE,uid=myuid,pwd=mypasswd,AXLIB=casaxlib.dll"
        *>      TO ws-open-string

           CALL DB2XA-open-entry USING     BY REFERENCE ws-open-string
                                           BY VALUE lk-rmid
                                           BY VALUE lk-flags
                                 RETURNING ws-open-rc
           END-CALL

           GOBACK RETURNING ws-open-rc

or for Oracle

        *> For example:
        *>
        *> MOVE z"Oracle_XA SesTm=100 SqlNet=DNSName Acc=P/uid/passwd"
        *>      TO ws-open-string

           CALL ORAXA-open-entry USING BY REFERENCE ws-open-string
                                       BY VALUE lk-rmid
                                       BY VALUE lk-flags
                             RETURNING ws-open-rc
           END-CALL

           GOBACK RETURNING ws-open-rc

Immediately before the CALL statement, you must code the complete XA open string as a NULL terminated string, that is  z"....".

This will override the XA open string specified within the Enterprise Server web administration pages, allowing you to leave that field blank, if desired.

Within the DB2 one-phase commit (ESDB2OPC.CBL) or Oracle one-phase commit (ESORAOPC.pco) sources, the implementation is slightly different. Again, search for CUSTOMIZE, and you will see code such as this :

        *> CUSTOMIZE
        *> If you don't want to make the userID and password visible
        *> within the ES configuration pages, then code them directly
        *> here. Likewise for the ConnectionName to be used.

        *> MOVE "mydsn"      TO DbString
        *> MOVE "myuserid"   TO UidString
        *> MOVE "mypassword" TO PwdString

        *> Ensure that at minimum, a DSN has been passed via the
        *> Open String.

           IF DbString = LOW-VALUES
              OR (UidString = LOW-VALUES AND PwdString NOT = LOW-VALUES)
              OR (UidString NOT = LOW-VALUES AND PwdString = LOW-VALUES)
              MOVE -2 TO ws-open-rc

Immediately before the IF statement, you must, at minimum, specify the server name to connect to, within DbString. This will be the name of the cataloged alias (DB2), or TNS alias for the server (Oracle). If required for connection, you should also code the user ID (UidString) and password (PwdString).

For the ODBC one-phase commit switch module (ESODBCXA.CBL) and SQL Server XA switch module (ESMSSQL.CBL) under Net Express, the implementation is similar to that for the DB2 and Oracle one-phase commit sources:

        *> CUSTOMIZE
        *> If you don't want to make the userID and password visible
        *> within the ES configuration pages, then code them directly
        *> here. Likewise for the ConnectionName to be used.

        *> MOVE "mydsn" TO DsnString
        *> MOVE "myuserid.mypasswd" TO UsrPassString

        *> Ensure that at minimum, a DSN has been passed via the
        *> Open String.

           IF DsnString = LOW-VALUES
              MOVE -2 TO ws-open-rc

where the ODBC Data Source Name (DSN), which should be specified as a System DSN, is coded in DsnString, and the user ID/password, if required, within UsrPassString per the example above.

This article also applies to Enterprise Server running under Server Express on UNIX platforms.