Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: ### Web App Server Authentication ###

Re: ### Web App Server Authentication ###

From: Bill Coulam <bcoulam_at_usa.net>
Date: Mon, 24 Jan 2000 09:47:47 -0700
Message-ID: <388C8232.2CF97EF2@usa.net> 





If you've already received this useless answer, I apologize. What you desire
to do is possible in OAS 4. But it's been 2 years since I've used version 3,
so I can't remember if the same OWA_SEC CUSTOM option was available there.
The many Oracle authentication schemes based around Oracle accounts always
got to me. What if I don't WANT to enter 3,000 corporate users in an OAS acl
list, or as Oracle users? What if I want them to be able to self-register,
change their passwords, store their passwords in my own system's user table
that I built? What if I want to be able to track their interaction with my
system and log them out after a period of inactivity, or allow them back in
without reauthentication if their browser crashed? The built in schemes,
including the CUSTOM option, couldn't address any of this. So we came up
with our own user, security and session framework based off our own tables,
PL/SQL, and non-persistent cookies.



I'm thinking others complained to Oracle about not wanting to implement
security in the schemes they envisioned. What I've described above is being
implemented in WebDB 3.0. They're calling it "lightweight" security so that
an Oracle/OAS-based system can have millions of users if need be. Heard
about this at OpenWorld '99. Haven't heard if they'll be extending this to
OAS yet.



-best 'o luck,


bill c. (remove nullspm to reply)



Manish Vipani wrote:



> Hi all!


>


> I have a question to which I have been unable to get a successful


> answer. Here is the question::::


>


> I am using Oracle Web Application Server V3.0. I want to use an


> authentication scheme for some of the material published on our


> internet. More specifically I want to disply a popup challenge response


> box (similar to the one that pops up when you access the "admin"


> listener) when a user access a certain page. Can I cahnge the web server


> configuration such that when the user enters the userid and password,


> the authentication is done by a stored procedure that I have written? If


> so how can I accomplish this?


>


> Experts please comment....


>


> -Manish



Received on Mon Jan 24 2000 - 10:47:47 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US