DB2 JavaScript request filter
The JavaScript request filter is the most flexible of all request filters. It can potentially be called for any request packet type, and can modify traffic in any way it sees fit.
Parameters
Packet types : optional. If specified, a comma-separated list of packet types for which this filter should be called, for instance: SECCHK. Spaces are ignored. If this is not specified, the filter will be invoked for all request packets.
Client IPs: optional. If specified, a comma-separated (or line break separated) list of IP4 or IP6 addresses or regular expressions for IP addresses. Example: 12.34.56.78,regex:98\.76\.54\..*
Users: optional. If specified, a comma-separated (or line break separated) list of user names or regular expressions for database user names. Example: jdoe,wsmith,regex:acct_.*,regex:.*-mkt
Example: change the login user ID and password
When using standard user id/password authentication, a DB2 client starts a connection to the database by sending (among other things) a SECCHK packet.
It is therefore possible to intercept that packet and modify it.
To do so, you would create a JavaScript request filter with the parameter:
Packet types: SECCHK
You would then add the following code to the filter:
if (context.packet.USERID === 'db2inst1') {
if (context.packet.PASSWORD !== 'Password1') {
log.info("Correcting password...");
context.packet.PASSWORD = 'Password1';
}
else {
log.info("Password is correct");
}
}