Re: Single logon PL/SQL and ODS Web-application
Date: Fri, 14 Apr 2000 11:29:54 GMT
Message-ID: <8d6vf8$19r$1_at_nnrp1.deja.com>
Hello Jason,
It is still not completely clear to me.
In the ON-LOGON trigger the user is the generic user. I can retrieve
the username from the information stored in the table with the random
ID. But I don't want to store (temporarily or otherwise) the password
of the user. At least not without encrypting it someway. I think there
are three ways to go about this:
1) The PL/SQL-application encrypts the password and stores it with the
username in a table. Is there a procedure like Get_Application_Property
on the server-side for determining the password? Are there standards
ways available for encrypting information?
2) In the ON-LOGON trigger the password is temporarily changed (by the
generic user). After logon the old password is restored (by the end
user account). The user is authenticated by the combination of ID and
username that are passed as parameters to the ODS-applicaton. This
combination must match the information stored in the table by the
PL/SQL-application.
3) Grant the generic user the right to become someone else. I think
that is possible with 8i.
With regards,
Onno
In article <8d2kgq$3a5$1_at_inet16.us.oracle.com>,
"Jason Pepper" <jpepper_at_uk.oracle.com> wrote:
> Put the following code in your ON-LOGON trigger to get an idea of how
it
> works.
> The user you are logging in as needs normal priveliges.
>
> DECLARE
> un VARCHAR2(80);
> pw VARCHAR2(80);
> cn VARCHAR2(80);
> BEGIN
> /*
> ** Get the connection info
> */
> un := Get_Application_Property(username);
> pw := Get_Application_Property(password);
> cn := Get_Application_Property(connect_string);
>
> message(' You are logged in as '||un||'/'||pw||'_at_'||cn);
>
> IF un = un THEN
> LOGON(un,pw||'_at_'||cn);
> END IF;
>
> exception
> when others then
> message('Oops '||sqlerrm);
> END;
>
> --
> Regards
>
> Jason
>
>
> __
>
> Jason Pepper - Enterprise Internet Tools Product Management
>
> __
>
> Opinions are mine and do not necessarily reflect those of Oracle
Corporation
>
> <onno0503_at_my-deja.com> wrote in message
news:8cv3gg$e6b$1_at_nnrp1.deja.com...
> > I expected it would not be possible. I think I will try the
following
> > scheme:
> >
> > 1) Call PL/SQL procedure that generates an random ID and stores it
with
> > the user name and timestamp in a table. The procedure then performs
an
> > URL redirection to the ODS-application passing the ID as a parameter
> > and a generic un/pw.
> > 2) The logon-trigger in the ODS-application is then used to
determine
> > the user from the passed ID. Also, the record will be removed or
> > invalidated.
> >
> > Now I have another question: how is the re-logon performed? Is there
> > more than one way to do that? I suppose the generic user needs
> > privileges to be able to logon as another user. What are these?
> >
> > With regards,
> > Onno
> >
> >
> > Sent via Deja.com http://www.deja.com/
> > Before you buy.
>
>
Sent via Deja.com http://www.deja.com/
Before you buy.
Received on Fri Apr 14 2000 - 13:29:54 CEST