Home » RDBMS Server » Security » Authentication in Stored Procedure
Authentication in Stored Procedure [message #4194] Sat, 16 November 2002 08:28 Go to next message
Ro
Messages: 3
Registered: November 2002
Junior Member
I have some important stored procedures that i don't want unwanted guestes access into such as www.myserver.com/plsql/admin , www.myserver.com/plsql/editnews,etc... So I want when someone accesses these stored procedures, it will popup a Authentication Dailog looks like the one when you put a .htaccess in a folder under Apache. Is it possible ?
Any help is appreciated.
Best regards,
Ro.
Re: Authentication in Stored Procedure [message #4203 is a reply to message #4194] Mon, 18 November 2002 07:01 Go to previous message
Mahesh Rajendran
Messages: 10699
Registered: March 2002
Location: oracleDocoVille
Senior Member
Account Moderator
yes. We have done something similiar to this.
but u have to still use the .htaccess or any web form.
concept is
1. By default all these users (regular users, who need 
   this kind of authentication) are not GRANTED with
   the concerned privilege.
2. so, when the user is asked for authentication( username / password) a forked process (procedure)
   should grant the requuired execute priv directly
   to user.
3. once  the user is done and logged off, 
   again another process( procedure) should be
   executed, so the granted privs to execute the
   procedure are revoked from that user.

use dynamic sql to grant /revoke the privs using stored procedure. Make sure, you are not giving the privs via roles.
Becuase pl/sql wont understand privs made via roles. 

   

Previous Topic: still doubt in roles
Next Topic: Why do we require password while creating a ROLE?
Goto Forum:
  


Current Time: Tue May 24 09:46:50 CDT 2022