Home » Developer & Programmer » Application Express, ORDS & MOD_PLSQL » owa_cookie encrypt cookie
owa_cookie encrypt cookie [message #209770] Sun, 17 December 2006 18:47 Go to next message
basirana
Messages: 25
Registered: July 2006
Junior Member
the below procedure is used for authentication. once the user is authenticated. if it is success I am try to create cookie.
I need help to encrypt the cookie that is been created.
I am not sure how to do encryption of cookie. can you please help me with sample program to encrypt the cookie.

CREATE OR REPLACE PROCEDURE Web_Authenticate_Cookie
     (In_LogIn     VARCHAR2,
      In_Password  VARCHAR2 := NULL,
      In_Origin    VARCHAR2)
AS
  v_LogIn     VARCHAR2(255);
  v_Password  VARCHAR2(255);
  v_Message   VARCHAR2(2000);
  v_eMail     VARCHAR(255);
  uId_Cookie  VARCHAR2(500);
BEGIN
  SELECT eMail
  INTO   v_eMail
  FROM   Table_Name
  WHERE  UID = In_LogIn;
  
  v_Message := Func_ldap_auth(In_LogIn,In_Password);
  
  IF v_Message = 'success' THEN
    owa_Cookie.Send('uid',In_LogIn);
    
    htp.Print('<a href="[url]http://localhost/auth/access_cookie[/url]">click here</a>');
  END IF;
END;
/



CREATE OR REPLACE PROCEDURE Access_Cookie
AS
  uId_Cookie  VARCHAR2(500);
BEGIN
  uId_Cookie := owa_Cookie.Get('uid');
  
  htp.Print(uId_Cookie);
END;
/


thanks

Report message to a moderator

Re: owa_cookie encrypt cookie [message #209953 is a reply to message #209770] Mon, 18 December 2006 11:54 Go to previous messageGo to next message
andrew again
Messages: 2577
Registered: March 2000
Senior Member
Originally for Oramag:

create or replace FUNCTION Xorbin(c1 CHAR,c2 CHAR) RETURN CHAR IS
  loop1   NUMBER;
  loop11  NUMBER;
  r1     VARCHAR2(8);
  r2     VARCHAR2(8);
  r3     NUMBER;
  result VARCHAR2(40);
  divis  NUMBER;
BEGIN
  result := '';
  FOR loop1 IN 1..LENGTH(c1) LOOP
    r1 := Convbin(SUBSTR(c1,loop1,1));
    r2 := Convbin(SUBSTR(c2,loop1,1));
    divis := 128;
    r3    := 0;
    FOR loop11 IN 1..8 LOOP
      IF TO_NUMBER(SUBSTR(r1,loop11,1))+TO_NUMBER(SUBSTR(r2,loop11,1))=1 THEN
        r3 := r3 + divis;
      END IF;
      divis := divis / 2;
    END LOOP;
    result := result || CHR(r3);
  END LOOP;
  RETURN(result);
END;
/


create or replace FUNCTION Convbin(c1 CHAR) RETURN CHAR IS
  loop1  NUMBER;
  value NUMBER;
  divis NUMBER;
  r1    VARCHAR2(30);
-- encryption encrypt crypt unencrypt in Oracle

BEGIN
  r1 := '';
  value := ASCII(c1);
  divis := 128;
  FOR loop1 IN 0..7 LOOP
    IF TRUNC(value/divis) = 1 THEN
      r1 := r1 || '1';
    ELSE
      r1 := r1 || '0';
    END IF;
    value := value MOD divis;
    divis := divis / 2;
  END LOOP;
  RETURN r1;
END;
/

-- SET serveroutput ON
-- DECLARE
--   result  VARCHAR2(30);
--   mask    VARCHAR2(30);
-- BEGIN
--   mask    := 'abc'; /* Must be greater or equal to the value that
--                        will be "Crypted" */
--
--   result := XORBIN('ABD',mask);  /* "Crypt" */
--   dbms_output.put_line(result);
--
--   result := XORBIN(result,mask); /* "Unencrypt" */
--   dbms_output.put_line(result);
--
-- END;
-- /



http://fdegrelle.over-blog.com/article-1001066.html

Report message to a moderator

Re: owa_cookie encrypt cookie [message #209954 is a reply to message #209953] Mon, 18 December 2006 11:57 Go to previous messageGo to next message
andrew again
Messages: 2577
Registered: March 2000
Senior Member
I suppose it's better to encrypt cookies - but remember that that a browser will only return a cookie to the website that set it - so they are generally safe.

Report message to a moderator

Re: owa_cookie encrypt cookie [message #210861 is a reply to message #209954] Fri, 22 December 2006 12:53 Go to previous message
filipe.silva
Messages: 3
Registered: December 2006
Junior Member
The user can see and change the cookies. The reason to encrypt them is to try to avoid the user to easily do that.

Report message to a moderator

Previous Topic: HTML_DB please help on this
Next Topic: Dynamic get the parameters values of a procedure?
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Dec 04 19:43:47 CST 2024
.:: Forum Home :: Blogger Home :: Wiki Home :: Contact :: Privacy ::.