| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: proxy authentication and passwords
foothillbiker wrote:
> On Feb 22, 11:23 pm, "Jonathan Lewis" <jonat..._at_jlcomp.demon.co.uk>
> wrote:
>> "foothillbiker" <foothillbi..._at_gmail.com> wrote in message >> >> news:1172195190.580328.175720_at_v33g2000cwv.googlegroups.com... >> >> >> >>> So, again, it would seem that anybody who knows a userid can login, >>> unless we do something OTHER authentication along the way. >>> REgards, >>> Chas. >> That is correct. >> >> There is a built-in assumption with this approach that the >> end user first has to authenticate himself/herself to the >> application server. (This may make proxy user seem an >> odd implementation in the days of LDAP and SSO, but >> proxy user has been around for a long time). >> >> -- >> Regards >> >> Jonathan Lewishttp://jonathanlewis.wordpress.com >> >> Author: Cost Based Oracle: Fundamentalshttp://www.jlcomp.demon.co.uk/cbo_book/ind_book.html >> >> The Co-operative Oracle Users' FAQhttp://www.jlcomp.demon.co.uk/faq/ind_faq.html
Look in gv$session and see if anything is being passed through that is usable.
Run the SYS_CONTEXT function with different USERENV values and see if anything being passed in is usable.
It is entirely possible that you underlying architecture has gutted your security. Welcome to the latest buzzword paradigm that is more hyperbole than usable.
-- Daniel A. Morgan University of Washington damorgan_at_x.washington.edu (replace x with u to respond) Puget Sound Oracle Users Group www.psoug.orgReceived on Sat Feb 24 2007 - 13:31:23 CST
 |
 |