DBWalker Authentication Overview

There are two ways to do authentication with the remote database. Authentication information can be stored in the config file, or it can be provided dynamically.

If a username and password are provided in the configuration, then that user/pass will be used for every request for that config. This has the advantage that users never have to input a username/password, but also has the security disadvantage that anyone who opens the website can see the data. Depending on the contents of the database, this may or may not be significant.

The other option is to not include a username or password in the configuration. When DBWalker is invoked by in this situation, it will prompt for a username/password (via Basic authentication). If the remote database accepts the credentials, the page is displayed. For the Search Appliance to walk these pages, it will have to know a valid username/password for the pages. This is supplied in the Login Info of All Walk Settings ((here).

This integrates well with Results Authorization. if the Search Appliance's search is set to use Authorized Search Results with "Prompt via Form", the credentials will automatically be verified with DBWalker.

To summarize a few key points:

  • If you include a username and password in the DBWalker config, anyone will be able to see the results, including searches with Results Authorization in use: any user's login will work since the correct user/pass is "built in" to the DBWalker config.

  • If no user/pass is included in the config, then users will have to supply their own username/password, and the config can be used properly with Results Authorization.

  • If no user/pass is included in the config, be sure to put a valid username/password in theLogin Info (pg. here) section of any profile that uses it so the Search Appliance is able to index the content. If the Search Appliance can't see the results, then no searches will find it!


Copyright © Thunderstone Software     Last updated: Nov 8 2024
Copyright © 2024 Thunderstone Software LLC. All rights reserved.