Re: Validating alternative username/password on Oracle DB

From: Rick Wessman <rwessman_at_us.oracle.com>
Date: 28 Oct 1999 17:06:11 -0400
Message-ID: <uln8n19h8.fsf_at_us.oracle.com>

"Mike Jones" <Mike_at_mikejones.fsnet.co.uk> writes:

> I'm currently woking on a project to connect an Oracle DB to an Intranet.
>
> The intranet sever connects in via an ODBC DSN and so has a username and
> password specified for it. However any one accessing the page should have a
> normal Oracle log in to the DB and I need to validate this so that the web
> page can decide what Info to give the user.
>
> Due to the newness of all this (I've never done web based stuff before) we
> are trying to limit the web page to only issuing SELECT statements.
>
> As such I was going to create a stored function that took in a
> username/password and returned true or fale depending on wether that was
> allowed. This seems sensible to me.
>
> However, although I can get the encryted password from DBA_USERS I don't
> know how I can encrypt the password given to check against the one in
> DBA_USERS. I though I might be able to create a new user with the same
> password given and then check it that way, but oracle seems to use the
> usrename in the encryption algorithm and so I'm stuffed there too.
>
> Can anyone help me?
I can try, although since I don't know the version of the database that you're using, I can only guess.

Rather than using that method, I suggesting using a feature in Oracle8 8i that allows middle-tier servers to authenticate the client and then connect to the database as the client.

A document at http://govt.oracle.com/~tkyte/Misc/OCI-N-Tier.html describes how this is done. Since you want to use the database password to authenticate the user, just supply the client password (usually none needs to be supplied).

If you have any questions, please e-mail me. This feature is not well documented in 8i 8.1.5.

>
> mijones_at_hof.co.uk

-- 
                                        Rick
                                        Rick Wessman
                                        Security and Directory Technologies
                                        Server Technologies
                                        Oracle Corporation
                                        rwessman_at_us.oracle.com

       The statements and opinions expressed here are my own and do not
             necessarily represent those of  Oracle Corporation.

Received on Thu Oct 28 1999 - 23:06:11 CEST

This message: [ Message body ]
Next message: BHAVESH GOSAR: "Problem in SQL....??"
Previous message: Peter L: "Re: reports - unwanted fields"
In reply to Mike Jones: "Validating alternative username/password on Oracle DB"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message