Oracle Web Server security
Date: 1997/03/07
Message-ID: <33202661.58491296_at_news.duke.edu>#1/1
I want to put digest security on one of the services that retrieves sensitive data for internal users. I've defined digest security for the listener, put the privileged id MGR_USER into a privileged group MGR_GROUP and it into a realm MGR_REALM. And I've set security for the vpath to the cgi directory containing owa.exe and representing the name of the privileged service, ie the URL is:
http://www.myserver.com:8000/mgr_user/owa/procname
directory mapping is
c:\orant\ows10\bin /mgr_user
and service is defined for MGR_USER with an appropriate Oracle Id/pw with privileges to select from the secured table.
In the protection section of ows8000.cfg:
file type realm ---- ------- --------- /mgr_user DIGEST MGR_REALM
I though I coverec all the bases. But even though I get a security pop up window warning me about unsecrued data being transferred (the one with the checkbox disabling seeing the message again) I do not get prompted for ID and password. So I assume the report service is not secured.
What am I missing?
BTW I'm using Webserver 1.0 and BTW, the Oracle documentation stinks.
Does Webserver 2.x have features worth shelling out the extra $$$$ for?
Thanks
Robert Gordon Received on Fri Mar 07 1997 - 00:00:00 CET