Re: Single logon PL/SQL and ODS Web-application

From: <onno0503_at_my-deja.com>
Date: Fri, 14 Apr 2000 11:29:54 GMT
Message-ID: <8d6vf8$19r$1_at_nnrp1.deja.com>


Hello Jason,

It is still not completely clear to me.

In the ON-LOGON trigger the user is the generic user. I can retrieve the username from the information stored in the table with the random ID. But I don't want to store (temporarily or otherwise) the password of the user. At least not without encrypting it some way. I think there are three ways to go about this:
1) The PL/SQL-application encrypts the password and stores it with the username in a table. Is there a procedure like Get_Application_Property on the server-side for determining the password? Are there standard ways available for encrypting information?
2) In the ON-LOGON trigger the password is temporarily changed (by the generic user). After logon the old password is restored (by the end user account). The user is authenticated by the combination of ID and username that are passed as parameters to the ODS-application. This combination must match the information stored in the table by the PL/SQL-application.
3) Grant the generic user the right to become someone else. I think that is possible with 8i.

With regards,
Onno

In article <8d2kgq$3a5$1_at_inet16.us.oracle.com>, "Jason Pepper" <jpepper_at_uk.oracle.com> wrote:
> Put the following code in your ON-LOGON trigger to get an idea of how it works.
> The user you are logging in as needs normal privileges.
>
> DECLARE
> un VARCHAR2(80);
> pw VARCHAR2(80);
> cn VARCHAR2(80);
> BEGIN
> /*
> ** Get the connection info
> */
> un := Get_Application_Property(username);
> pw := Get_Application_Property(password);
> cn := Get_Application_Property(connect_string);
>
> message(' You are logged in as '||un||'/'||pw||'@'||cn);
>
> IF un = un THEN
> LOGON(un,pw||'@'||cn);
> END IF;
>
> exception
> when others then
> message('Oops '||sqlerrm);
> END;
>
> --
> Regards
>
> Jason
>
> Jason Pepper - Enterprise Internet Tools Product Management
>
> Opinions are mine and do not necessarily reflect those of Oracle Corporation
>
> <onno0503_at_my-deja.com> wrote in message news:8cv3gg$e6b$1_at_nnrp1.deja.com...
> > I expected it would not be possible. I think I will try the following
> > scheme:
> >
> > 1) Call PL/SQL procedure that generates a random ID and stores it with
> > the user name and timestamp in a table. The procedure then performs a
> > URL redirection to the ODS-application passing the ID as a parameter
> > and a generic un/pw.
> > 2) The logon-trigger in the ODS-application is then used to determine
> > the user from the passed ID. Also, the record will be removed or
> > invalidated.
> >
> > Now I have another question: how is the re-logon performed? Is there
> > more than one way to do that? I suppose the generic user needs
> > privileges to be able to logon as another user. What are these?
> >
> > With regards,
> > Onno

Received on Fri Apr 14 2000 - 13:29:54 CEST
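
The random-ID hand-off from the quoted steps 1) and 2), modelled as an added example that is not code from either poster. It uses Python with an in-memory SQLite table standing in for the shared Oracle table; the table and function names, the 30-second lifetime, and storing only a SHA-256 hash of the ID are assumptions.

```python
import hashlib
import secrets
import sqlite3

TTL_SECONDS = 30  # assumed lifetime; the thread only says a timestamp is stored


def open_store():
    # In-memory stand-in for the table shared by both applications.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE logon_ticket ("
               "id_hash TEXT PRIMARY KEY, username TEXT NOT NULL, "
               "issued_at REAL NOT NULL)")
    return db


def _digest(ticket_id):
    # Only a hash is stored, so reading the table does not yield usable IDs.
    return hashlib.sha256(ticket_id.encode("ascii")).hexdigest()


def issue_ticket(db, username, now):
    """Step 1 (PL/SQL side): returns the random ID for the redirect URL."""
    ticket_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    db.execute("INSERT INTO logon_ticket VALUES (?, ?, ?)",
               (_digest(ticket_id), username, now))
    db.commit()
    return ticket_id


def redeem_ticket(db, ticket_id, username, now):
    """Step 2 (logon-trigger side): True once, for a fresh matching pair."""
    h = _digest(ticket_id)
    # One conditional DELETE checks and consumes atomically, so two
    # concurrent logons presenting the same ID cannot both succeed.
    used = db.execute(
        "DELETE FROM logon_ticket "
        "WHERE id_hash = ? AND username = ? AND issued_at >= ?",
        (h, username, now - TTL_SECONDS)).rowcount == 1
    # Burn the ID on any failed presentation and purge expired rows.
    db.execute("DELETE FROM logon_ticket WHERE id_hash = ? OR issued_at < ?",
               (h, now - TTL_SECONDS))
    db.commit()
    return used
```
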