Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> OAS application security
Hello, I have an application written in OAS's PL/SQL that requires a username and password to access portions of the site. My question is, is there a good way to prevent someone from guessing a username and simply putting in a URL that would take them into the more secure portion of the site. For example, someone puts in: http://www.fakesite/plsql/access_account?username='testuser' and then they are able to access that users (testuser) information instead of having to go through the login screen. Any help would be appreciated.
Thanks,
Burke
Sent via Deja.com http://www.deja.com/
Before you buy.
Received on Wed Jun 28 2000 - 00:00:00 CDT