Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: OAS application security

From: John Alexander <jalexander_at_summitsoftwaredesign.com>
Date: 2000/06/28
Message-ID: <JZu65.24260$ez6.100515@typhoon.tampabay.rr.com>#1/1

Try this:

  1. When they log in to your application, insert a record into a user-log table with a unique id, the app's userid and a timestamp. At the same time, write the information to a cookie.
  2. At the start of each web page, read the cookie. If the user and unique id in the cookie do not match a record in your user-log table, redirect to the login screen.

If you would like code examples, you can e-mail me: jalexander_at_SummitSoftwareDesign.com.

<burkeblackman_at_my-deja.com> wrote in message news:8jdgeh$n87$1_at_nnrp1.deja.com...
> Hello, I have an application written in OAS's PL/SQL that requires a
> username and password to access portions of the site. My question is,
> is there a good way to prevent someone from guessing a username and
> simply putting in a URL that would take them into the more secure
> portion of the site. For example, someone puts in:
> http://www.fakesite/plsql/access_account?username='testuser'
> and then they are able to access that user's (testuser) information
> instead of having to go through the login screen. Any help would be
> appreciated.
>
> Thanks,
> Burke
Received on Wed Jun 28 2000 - 00:00:00 CDT
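
The two steps from the reply above, as an added PL/SQL example for the PL/SQL Web Toolkit (not code from the original post or its author). The table, procedure and cookie names, the `login_form` target, the one-hour lifetime and the use of `DBMS_CRYPTO` for an unguessable id are assumptions; note that `access_account` no longer takes a `username` parameter, so the identity comes only from the server-side lookup.

```plsql
CREATE TABLE user_log (                     -- hypothetical user-log table
  session_id  VARCHAR2(64) PRIMARY KEY,     -- the "unique id" from step 1
  app_userid  VARCHAR2(30) NOT NULL,
  logged_in   DATE DEFAULT SYSDATE NOT NULL
);

-- Step 1: call only after the password has been verified.
CREATE OR REPLACE PROCEDURE start_session (p_userid IN VARCHAR2) IS
  v_id user_log.session_id%TYPE;
BEGIN
  -- Assumption: a random id, so it cannot be guessed the way a username can.
  v_id := RAWTOHEX(DBMS_CRYPTO.RANDOMBYTES(32));
  INSERT INTO user_log (session_id, app_userid) VALUES (v_id, p_userid);
  owa_util.mime_header('text/html', FALSE);  -- keep the header open for cookies
  owa_cookie.send(name => 'APP_USER',    value => p_userid, path => '/');
  owa_cookie.send(name => 'APP_SESSION', value => v_id,     path => '/');
  owa_util.http_header_close;
  htp.p('Logged in.');
END;
/

-- Step 2: returns the logged-in userid, or NULL if the cookies match no record.
CREATE OR REPLACE FUNCTION session_userid RETURN VARCHAR2 IS
  c_user owa_cookie.cookie := owa_cookie.get('APP_USER');
  c_id   owa_cookie.cookie := owa_cookie.get('APP_SESSION');
  v_user user_log.app_userid%TYPE;
BEGIN
  IF c_user.num_vals = 0 OR c_id.num_vals = 0 THEN
    RETURN NULL;                             -- a cookie is missing
  END IF;
  SELECT app_userid INTO v_user
    FROM user_log
   WHERE session_id = c_id.vals(1)
     AND app_userid = c_user.vals(1)
     AND logged_in  > SYSDATE - 1/24;        -- assumption: one-hour lifetime
  RETURN v_user;
EXCEPTION
  WHEN NO_DATA_FOUND THEN RETURN NULL;       -- no matching record
END;
/

-- A protected page: the check runs before anything is printed.
CREATE OR REPLACE PROCEDURE access_account IS
  v_user user_log.app_userid%TYPE := session_userid;
BEGIN
  IF v_user IS NULL THEN
    owa_util.redirect_url('login_form');     -- hypothetical login page
    RETURN;
  END IF;
  htp.p('Account page for ' || htf.escape_sc(v_user));
END;
/
```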
