DB2 JavaScript request filter

The JavaScript request filter is the most flexible of all request filters. It can potentially be called for any request packet type, and can modify traffic in any way it sees fit.

Parameters

• Packet types : optional. If specified, a comma-separated list of packet types for which this filter should be called, for instance:  SECCHK. Spaces are ignored. If this is not specified, the filter will be invoked for all request packets.

• Client IPs: optional. If specified, a comma-separated (or line break separated) list of IP4 or IP6 addresses or regular expressions for IP addresses. Example: 12.34.56.78,regex:98\.76\.54\..*

• Users: optional. If specified, a comma-separated (or line break separated) list of user names or regular expressions for database user names. Example: jdoe,wsmith,regex:acct_.*,regex:.*-mkt

Example: change the login user ID and password

When using standard user id/password authentication, a DB2 client starts a connection to the database by sending (among other things) a SECCHK packet.

It is therefore possible to intercept that packet and modify it.

To do so, you would create a JavaScript request filter with the parameter:

• Packet types: SECCHK

You would then add the following code to the filter:

if (context.packet.USERID === 'db2inst1') {

    if (context.packet.PASSWORD !== 'Password1') {

        log.info("Correcting password...");

        context.packet.PASSWORD = 'Password1';

    }

    else {

        log.info("Password is correct");

    }

}