
RE: Securing a URL, Can it be done?

From: Luo, Kitty <Kitty.Luo_at_ttc.ca>
Date: Fri, 25 Aug 2000 14:05:54 -0400
Message-Id: <10600.115579@fatcity.com>


If you have configured your report server using CGI, try to create a key map file "cgicmd.dat" under $ORACLE_HOME\report60\server. In this file, add a key for your report. Then you can invoke your report by http://hostname:port/dev60cgi/rwcgi60.exe?yourkeyname.

Kitty  

> -----Original Message-----
> From: Jared Still [SMTP:jkstill_at_bcbso.com]
> Sent: Friday, August 25, 2000 12:27 PM
> To: Multiple recipients of list ORACLE-L
> Subject: Re: Securing a URL, Can it be done?
>
>
> Thanks, but the request was just to remove the password
> from the visible URL.
>
> To actually make it secure, passing the password in the
> URL is not really a good way to go about it. There are
> better authentication methods available.
>
> Jared
>
> On Fri, 25 Aug 2000, Oliver Artelt wrote:
>
> >
> > Hi,
> >
> > that's not secure because the password will be readable sent in the
> > post-packet. You have to encrypt the password-userstring. Another thread here
> > is discussing storing passwords encrypted in a table, maybe you can use an
> > algorithm that's explained there.
> >
> > oli
> >
> > On Thu, 24 Aug 2000, Jared Still wrote:
> > > Change your method to post.
> > >
> > > e.g.
> > >
> > > <FORM method=get ACTION="sql_driver.cgi">
> > >
> > > would change to:
> > >
> > > <FORM method=post ACTION="sql_driver.cgi">
> > >
> > > Jared
> > >
> > >
> > > On Thu, 24 Aug 2000, Peter Hazelton wrote:
> > >
> > > > Hello Everyone
> > > >
> > > > > I have a report server set up on my machine where I am hosting some Oracle
> > > > > Reports. Say the connect string is the following:
> > > > >
> > > > > http://mymachine:port_num/dev60cgi/rwcgi60.exe?report=test.rdf+userid=user/password@hoststring+destype=cache+desformat=HTML+server=SERVER_NAME
> > > >
> > > > > This part works very well as I am able to run my report over my intranet no
> > > > > problem. The problem I am having is that I do not want my database
> > > > > username/password to show up in the URL as this poses an obvious security
> > > > > issue.
> > > > >
> > > > > My plan is to make a home page where people select their report to run, they
> > > > > click on the link and the report runs. But how do I make the link so that
> > > > > people do not see the connection information? I would appreciate any help
> > > > > you can give me.
> > > >
> > > > Peter
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Author: Peter Hazelton
> > > > INET: peterhazelton_at_hotmail.com
> > > >
> > > > Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
> > > > > San Diego, California -- Public Internet access / Mailing Lists
> > > > --------------------------------------------------------------------
> > > > To REMOVE yourself from this mailing list, send an E-Mail message
> > > > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> > > > the message BODY, include a line containing: UNSUB ORACLE-L
> > > > (or the name of mailing list you want to be removed from). You may
> > > > also send the HELP command for other information (like subscribing).
> > > >
> > >
> > >
> > > Jared Still
> > > Certified Oracle DBA and Part Time Perl Evangelist ;-)
> > > Regence BlueCross BlueShield of Oregon
> > > jkstill_at_bcbso.com - Work - preferred address
> > > jkstill_at_teleport.com - private
> > >
> > >
> > > --
> > > Author: Jared Still
> > > INET: jkstill_at_bcbso.com
> > >
> > --
> > ---
> >
> > Oliver Artelt, System- und Datenbankadministration
> > ---------------------------------------------------------------
> > cubeoffice GmbH & Co.KG # jordanstrasse 7 # 39112 magdeburg
> > telefon: +49 (0)391 6 11 28 10 # telefax: +49 (0)391 6 11 28 10
> > email: oli@cubeoffice.de # web: http://www.cubeoffice.de
> > ---------------------------------------------------------------
> >
>
>
> Jared Still
> Certified Oracle DBA and Part Time Perl Evangelist ;-)
> Regence BlueCross BlueShield of Oregon
> jkstill_at_bcbso.com - Work - preferred address
> jkstill_at_teleport.com - private
>
>
> --
> Author: Jared Still
> INET: jkstill_at_bcbso.com
>
Received on Fri Aug 25 2000 - 13:05:54 CDT
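
Added example, not part of the original thread: a check a defender can run over web server access logs to find rwcgi60.exe requests that still carry a `userid=user/password@hoststring` connect string in the query, which is where a GET URL like the one in the question ends up being recorded. It assumes common-log-format lines; the sample lines are constructed and the function names are hypothetical.

```python
import re
from urllib.parse import unquote, urlsplit

# Request field of a common-log-format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Connect string shape from the thread's URL: userid=user/password@hoststring
USERID_RE = re.compile(r"userid=([^/+&\s]+)/([^@+&\s]+)(?:@([^+&\s]+))?", re.I)

# Constructed sample access-log lines (not from the original thread).
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Aug/2000:12:00:01 -0400] "GET /dev60cgi/rwcgi60.exe?'
    'report=test.rdf+userid=user/password@hoststring+destype=cache HTTP/1.0" 200 5120',
    '10.0.0.6 - - [25/Aug/2000:12:00:07 -0400] "GET /dev60cgi/rwcgi60.exe?'
    'yourkeyname HTTP/1.0" 200 5120',
    '10.0.0.7 - - [25/Aug/2000:12:00:09 -0400] "POST /sql_driver.cgi HTTP/1.0" 200 312',
    '10.0.0.8 - - [25/Aug/2000:12:00:15 -0400] "GET /dev60cgi/rwcgi60.exe?'
    'report=test.rdf&userid=user%2Fpassword%40hoststring HTTP/1.0" 200 5120',
]

def scan_line(line):
    """Return (finding, redacted_line); finding is None when no credentials are logged."""
    req = REQUEST_RE.search(line)
    if not req:
        return None, line
    target = req.group("target")
    parts = urlsplit(target)
    # Decode %2F and %40 so an encoded connect string is still recognised.
    cred = USERID_RE.search(unquote(parts.query))
    if not cred:
        return None, line
    # Report who and where, never the password itself.
    finding = {"method": req.group("method"), "path": parts.path,
               "user": cred.group(1), "database": cred.group(3)}
    redacted = line.replace(target, parts.path + "?[REDACTED]", 1)
    return finding, redacted

def scan_log(lines):
    """Return (line_number, finding, redacted_line) for every line that leaks a password."""
    hits = []
    for number, line in enumerate(lines, start=1):
        finding, redacted = scan_line(line)
        if finding:
            hits.append((number, finding, redacted))
    return hits

if __name__ == "__main__":
    for number, finding, redacted in scan_log(SAMPLE_LOG):
        print(number, finding, redacted, sep=" | ")
```

The key-map request (`?yourkeyname`) and the POST request produce no finding because neither puts the connect string in the logged URL; any account that does appear in a hit should have its password rotated.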
