|
i am logged in as other person in forms application [message #442990 is a reply to message #442978] |
Thu, 11 February 2010 21:54   |
nastyjillu
Messages: 211 Registered: February 2009
|
Senior Member |
|
|
hi,
i wrote similar question in other post. anyway i didnot get any reply for that question.
my new question is:
when i open my forms application by double clicking a shortcut,
it first opens a browser which will have URL like below given one:
https://app.company_name.com:1234/forms/frmservlet?form=first_form.fmx&otherparams=connectRow%3SAASZgPFFAGAAAgXVAAA
then it opens the application.
if i copy the URL and open other IE browser and paste the URL and change the countrow% in URL to 3SAASZgPFFAGAAAgXVAAB it logs me in as other person. that too in production. which is a security issue.
so i want to know how to solve this issue.
how is OAS or oracle HTTP server is assigning these URL's??
and how to stop this??
few end users got this issue. their application was hung up and when they again opened the application, they logged in as other person.
to replicate the issue , i played trial and error and i could log in as other person when i changed URL .
does single sign on helps in solving this issue? does single sign on works only when i enter login id and password??
because in my case i didnt give any login , i directly gave the URL in browser and hit enter which opened application with other employees name.
i saw formconfig file which had single sign on as false for some setting. i think this is creating problem as SSO is used for authentication.
i might be wrong though
i appreciate your help
thanks
jillu
thanks
jillu
|
|
|
|
Re: how URL is assigned to different users when forms apps is launched? [message #445578 is a reply to message #442978] |
Tue, 02 March 2010 12:12  |
Kaeluan
Messages: 179 Registered: May 2005 Location: Montreal, Quebec
|
Senior Member |
|
|
Hi,
I don`t know how your application work, but how you start it?
For me when i start my application i click on a shortcut file on my desktop and it open the application using the link in the shortcut. But this is a static URL. But for you if you get a different URL each time you start it, it must be some kind of program that generate your URL to call the browser.
What version of application Server you are using?
From what i know the parameter "connectRow" is not an oracle parameter. But it seem to be a user defined parameter so probably your form is using it maybe in the pre-form trigger.
Sorry but i can`t help you more without more info.
|
|
|