Re: File upload using custom authentication

"Tommy C." <tommyc77_at_gmail.com> wrote in message news:b54cdaf6.0411171435.1ea4210b_at_posting.google.com...
| Hi,
|
| When using the steps outlined in "Oracle 9i Application Server Using
| the PL/SQL Gateway" to enable file uploads/downloads, it seems that
| the only way to secure the upload ability is to verify the user's
| Oracle ID and password (ie make sure they are valid database users by
| leaving the username and password entries blank in the DAD).
|
| This doesn't work for my purposes since our system uses custom
| authentication/security and, therefore, our users don't all have
| Oracle accounts.
|
| I would like to ensure that only users that have passed our custom
| authentication/security checks have access to the DAD that provides
| the file upload/download ability.
|
| One possibility I can see involves the following steps :
| 1) create the file upload DAD using database authentication
| 2) create a new user/password for accessing the new DAD
| 3) redirect authenticated users from our public DAD to the file upload
| DAD using the newly created user/password
|
| The problems I'm having are that I don't know how to redirect/log them
| in transparently and I don't want the users to know the
| username/password that is being used to login to the file upload DAD.
|
| Is there a way to do this securely? Are there any other ways to do
| this apart from using iFS (which is beyond our needs for the moment)?
|
| Thanks, TC

tommy,

i don't have time for a detailed reply now, but this sounds like exactly what we did on my last project -- DAD with credentials, custom authentication, only authorized users could upload -- might not be til next week that i can take a look at the details, but i think custom auth should give you exactly what you're asking for

++ mcs Received on Wed Nov 17 2004 - 20:10:49 CST