What prevents a Clarify user from directly logging into the database using SQL tools ( isql, sqlplus, etc.)?

Within Clarify, the passwords are encrypted using a proprietary encryption algorithm.  This means that if users try to login directly using SQL, they won’t be able to, as they would provide their unencrypted password, which isn’t valid.

For a bit more detail, Clarify does not maintain passwords in its tables - it uses the database for login/password validation and storage. So, Clarify has to actually log into the database as that user with the password to determine if the user is valid or not.

For even more detail - Clarify will first try to login with the given username and encrypted password. If that fails, it will then use the unencrypted password.

So, if you simply use database tools to reset a users password, the password is unencrypted, so users can login to Clarify and directly to the database using SQL tools (such as isql, sqlcmd, sqlplus, etc.).

If you use the Clarify Client to reset someone's password, the password is encrypted, so they can login using Clarify, but not directly to the database.