| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: Securing a URL, Can it be done?
Hi,
that's not secure because the password will be readable sent in the post-packet. You have to encrypt the password-userstring. Another thread here is discussing storing passwords encrypted in a table, maybe you can use an algorithm that's explained there.
oli
n Don, 24 Aug 2000, Jared Still wrote:
> Change your method to post.
>
> e.g.
>
> <FORM method=get ACTION="sql_driver.cgi">
>
> would change to:
>
> <FORM method=post ACTION="sql_driver.cgi">
>
> Jared
>
>
> On Thu, 24 Aug 2000, Peter Hazelton wrote:
>
> > Hello Everyone
> >
> > I have a report server set up on my machine where I am hosting some Oracle
> > Reports. Say the connect string is the following:
> >
> > http://mymachine:port_num/dev60cgi/rwcgi60.exe?report=test.rdf+userid=user/password@
> > hoststring+destype=cache+desfomat=HTML+server=SERVER_NAME
> >
> > This part works very well as I am able to run my report over my intranet no
> > problem. The problem I am having is that I do not want my database
> > username/password to show up in the URL as this poses an obvious security
> > issue.
> >
> > My plan is to make a home page where people select their report to run, they
> > click on the link and the report runs. But how do I make the link so that
> > people do not see the connection information? I would appreciate any help
> > you can give me.
> >
> > Peter
> >
> >
> > ________________________________________________________________________
> > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
> >
> > --
> > Author: Peter Hazelton
> > INET: peterhazelton_at_hotmail.com
> >
> > Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
> > San Diego, California -- Public Internet access / Mailing Lists
> > --------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an E-Mail message
> > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> > the message BODY, include a line containing: UNSUB ORACLE-L
> > (or the name of mailing list you want to be removed from). You may
> > also send the HELP command for other information (like subscribing).
> >
>
>
> Jared Still
> Certified Oracle DBA and Part Time Perl Evangelist ;-)
> Regence BlueCross BlueShield of Oregon
> jkstill_at_bcbso.com - Work - preferred address
> jkstill_at_teleport.com - private
>
>
> --
> Author: Jared Still
> INET: jkstill_at_bcbso.com
>
> Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
> San Diego, California -- Public Internet access / Mailing Lists
> --------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
-- --- Oliver Artelt, System- und Datenbankadministration --------------------------------------------------------------- cubeoffice GmbH & Co.KG # jordanstrasse 7 # 39112 magdeburg telefon: +49 (0)391 6 11 28 10 # telefax: +49 (0)391 6 11 28 10 email: oli@cubeoffice.de # web: http://www.cubeoffice.deReceived on Fri Aug 25 2000 - 09:39:42 CDT
 |
 |