The vast majority of our customers uses Windows authentication. However, this poses some security risks. Users can, for example, if they have access to a SQL Server Management Studio, log in to the database and request data to which they do not have access to in Transpas.
However, various authentication options are available to log in to Transpas.
One of these is Transpas Enterprise Authentication. This is a more secure way of authentication because this way Windows users do not have to access the database this way. Authentication with the database is done through a proxy user.
¶ Change password
Users can, if they have access to Transpas, change the password themselves.
This can be done via File > Settings > Change password.
When a user does not (or does no longer) have access or is created for the first time, the password can be changed in the Users screen.
¶ Set up
Before Transpas Enterprise authentication can be used, access to the database must first be set up. As mentioned earlier, Windows authentication is done via the user. With Transpas Enterprise authentication, this is done via a proxy user.
¶ SQL Server
Create a new login on the SQL Server with SQL Server authentication.
Set a strong password and uncheck the boxes Enforce password expiration and User must change password at next login.
Go to the Server Roles tab and check the sysadmin role, then click OK.
¶ Transpas
To ensure that the password cannot be read by users, the password is encrypted.
Open Transpas and go to File > Settings > Encode.
Enter the password of the account you just created, press OK and copy the text that appears.
¶ Ini
Finally, set the created user in the ini of Transpas. Add the two lines below:
DBUSER=transpas
DBPASSWORD=1C282B69CE8C42E08C69C82B
Replace the value after DBUSER with the created username.
Replace the value behind DBPASSWORD for the string that returns from the Encode function in the previous step.
Users can now use Transpas Enterprise authentication, without their Windows account having rights to the database, provided that a user has been created for them in Transpas and a password has been set. To set the password, see the Change password heading above.
¶ Hashing
Passwords are stored in plain text by default. It is also possible to use password hashing. To do that, add the following to the ini:
USERALGORITHM=SHA1
When changing or setting up hashing for the first time, all passwords already set will no longer work. Set a new password for all users.
The different ways of changing the password take the used algorithm into account. However, it is important that the setting USERALGORITHM is also present in the TPENT.ini in the directory of the TPENT.exe file.