Re: OAS 4.07 -> Binding an application to a listener?

You can ckeck, in your custom authentication model, the server port through that the client connects with the application: OWA_UTIL.GET_CGI_ENV('SERVER_PORT')
and to give access based on it.

On Fri, 21 Jan 2000 15:27:38 +1100, "Michael Cretan" <mcretan_at_hotmail.com> wrote:

>Hi there,
>
>We're developing an application using PL/SQL cartridge of Oracle Application
>Server 4.07 on Windows NT 4.0 (on an 8.05 DB)
>
>We want to force the user authentication (which uses the PL/SQL 'custom'
>authentication model - i.e. stored authorize function) to go through SSL,
>and also to prevent access to the application through un-encrypted HTTP.
>
>My first approach has been to create a new listener which only has SSL, with
>a different virtual host name to my standard (un-encrypted) http listener.
>The logic is that when the user wants to access any of the PLSQL
>application, this listener will first negotiate an SSL session, and then
>prompt the user for a username and password in and encrypted session.
>Subsequent traffic to and from my PLSQL application is also encrypted.
>
>This is fine in theory, but I can't figure out how to prevent access to my
>application through the standard (un-encrypted) listener. The user can
>still type http://{host}/{application}/{cartridge} and get access to the
>application.
>
>I noticed in the documentation that there used to be an option in the
>application -> web parameters form for restricting applications to certain
>listeners, but its been removed from the application (nor has it returned in
>OAS 4.0.8.1)
>
>Is there another way that this can be done ??
>
>Thanks in advance,
>
>Mike Cretan
>email: mcretan_at_ozemail.com.au
>
>
Received on Fri Jan 28 2000 - 12:02:19 CET