OAS 4.07 -> Binding an application to a listener?

We're developing an application using PL/SQL cartridge of Oracle Application Server 4.07 on Windows NT 4.0 (on an 8.05 DB)

We want to force the user authentication (which uses the PL/SQL 'custom' authentication model - i.e. stored authorize function) to go through SSL, and also to prevent access to the application through un-encrypted HTTP.

My first approach has been to create a new listener which only has SSL, with a different virtual host name to my standard (un-encrypted) http listener. The logic is that when the user wants to access any of the PLSQL application, this listener will first negotiate an SSL session, and then prompt the user for a username and password in and encrypted session. Subsequent traffic to and from my PLSQL application is also encrypted.

This is fine in theory, but I can't figure out how to prevent access to my application through the standard (un-encrypted) listener. The user can still type http://{host}/{application}/{cartridge} and get access to the application.

I noticed in the documentation that there used to be an option in the application -> web parameters form for restricting applications to certain listeners, but its been removed from the application (nor has it returned in OAS 4.0.8.1) Is there another way that this can be done ??

Thanks in advance,

Mike Cretan
email: mcretan_at_ozemail.com.au Received on Fri Jan 21 2000 - 05:27:38 CET