| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> File upload using custom authentication
Hi,
When using the steps outlined in "Oracle 9i Application Server Using the PL/SQL Gateway" to enable file uploads/downloads, it seems that the only way to secure the upload ability is to verify the user's Oracle ID and password (ie make sure they are valid database users by leaving the username and password entries blank in the DAD).
This doesn't work for my purposes since our system uses custom authentication/security and, therefore, our users don't all have Oracle accounts.
I would like to ensure that only users that have passed our custom authentication/security checks have access to the DAD that provides the file upload/download ability.
One possibility I can see involves the following steps :
1) create the file upload DAD using database authentication 2) create a new user/password for accessing the new DAD 3) redirect authenticated users from our public DAD to the file uploadDAD using the newly created user/password
The problems I'm having are that I don't know how to redirect/log them in transparently and I don't want the users to know the username/password that is being used to login to the file upload DAD.
Is there a way to do this securely? Are there any other ways to do this apart from using iFS (which is beyond our needs for the moment)?
Thanks, TC Received on Wed Nov 17 2004 - 16:35:39 CST
 |
 |