Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Oracle Webserver - User Authentication

Re: Oracle Webserver - User Authentication

From: Thomas Kyte <tkyte_at_us.oracle.com>
Date: Wed, 25 Nov 1998 16:27:21 GMT
Message-ID: <365f2f6b.10993017@192.86.155.100> 





A copy of this was sent to kelly_parkinson_at_albertsons.com
(if that email address didn't require changing)
On Wed, 25 Nov 1998 15:22:37 GMT, you wrote:



>We have written a browser application that requires a user


>signon/authentication.	The application supports a client/server application


>that has its own built-in security concept, and we are trying to pattern the


>browser security after the client (for ease of maintenance).  The client


>application uses Oracle security for its initial check to ensure the user is


>a valid user of the database.  Users are defined to the database with only


>connect privileges.  When a user provides a userid and password, the


>application attempts a signon.	If it is successful, the application then


>issue a reconnect and signs on as a "super user" with all privileges.  The


>rest of the security features within the application are controlled by the


>application itself.  We would like to do a similar thing, but it seems we


>can't issue the connects from inside webserver which itself is signed on as


>webuser -- another super user.	Any thoughts?


>


>-----------== Posted via Deja News, The Discussion Network ==----------


>http://www.dejanews.com/       Search, Read, Discuss, or Start Your Own    






You don't say what version of the OAS you are using or what cartridge.  I'll
assume 3.0 or up and the pl/sql cartridge.



In that case, you should use ORACLE_BASIC to protect the URLs that represent
your application.  You would also create a DAD with your super user name and
password.  In that way, OAS will ask the client browser for a username and
password which it will validate against the database using Oracle_Basic, and
then use the super user name and password stored with the DAD to actually log in
and run the procedure with....


 


Thomas Kyte


tkyte_at_us.oracle.com


Oracle Government


Herndon VA



--


http://govt.us.oracle.com/    -- downloadable utilities
 




Opinions are mine and do not necessarily reflect those of Oracle Corporation
 


Anti-Anti Spam Msg: if you want an answer emailed to you, 
you have to make it easy to get email to you.  Any bounced
email will be treated the same way i treat SPAM-- I delete it.
Received on Wed Nov 25 1998 - 10:27:21 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US