Protecting Packages in PL/SQL Catridge (OWAS 3.0)

Hi Everybody,

I have written a web application using PL/SQL Catridge on OWAS 3.0. The application consists of several packages.

The PL/SQL Cartridge enables a client to enter a URL that directly specifies a PL/SQL procedure to be executed by the Oracle Server. I want to protect the packages so that the only procedures that should be made available in this fashion is the one which is the entry point into the application.

OWAS online documentation states that :

The PL/SQL Cartridge lets you enforce this by protecting packages. A protected package can only be executed by another stored procedure, not directly by a URL. By default, all the OWA utilities provided with the Web Application Server are protected. Other packages are by default unprotected. To override the default, use the PL/SQL Cartridge configuration section of the Web Application Server Manager to change the package_protect parameter. A value of TRUE means the package can be executed from a browser.

I tried with the value of package_protect parameter set to both TRUE & FALSE, but my packages where not protected and I could invoke them specifying a URL in the browser.

Has anybody tried protecting packages or knows where I could get more information. Please let me know.

Thanks in advance.

Harinder Received on Thu Jul 23 1998 - 03:05:24 CDT