Re: authenticating user to Oracle - without supplying password

Home -> Community -> Usenet -> c.d.o.server -> Re: authenticating user to Oracle - without supplying password - Single sign on

From: Snewber <s_at_s.com>
Date: Mon, 1 Nov 2004 10:26:55 +1000
Message-ID: <cm3vsi$ql1$1@bunyip.cc.uq.edu.au>

I would think about using a log on trigger to check sys_context information such as some of the following:

select

  SYS_CONTEXT('USERENV','TERMINAL') terminal,
  SYS_CONTEXT('USERENV','LANGUAGE') language,
  SYS_CONTEXT('USERENV','SESSIONID') sessionid,
  SYS_CONTEXT('USERENV','INSTANCE') instance,
  SYS_CONTEXT('USERENV','ENTRYID') entryid,
  SYS_CONTEXT('USERENV','ISDBA') isdba,
  SYS_CONTEXT('USERENV','NLS_TERRITORY') nls_territory,
  SYS_CONTEXT('USERENV','NLS_CURRENCY') nls_currency,
  SYS_CONTEXT('USERENV','NLS_CALENDAR') nls_calendar,
  SYS_CONTEXT('USERENV','NLS_DATE_FORMAT') nls_date_format,
  SYS_CONTEXT('USERENV','NLS_DATE_LANGUAGE') nls_date_language,
  SYS_CONTEXT('USERENV','NLS_SORT') nls_sort,
  SYS_CONTEXT('USERENV','CURRENT_USER') current_user,
  SYS_CONTEXT('USERENV','CURRENT_USERID') current_userid,
  SYS_CONTEXT('USERENV','SESSION_USER') session_user,
  SYS_CONTEXT('USERENV','SESSION_USERID') session_userid,
  SYS_CONTEXT('USERENV','PROXY_USER') proxy_user,
  SYS_CONTEXT('USERENV','PROXY_USERID') proxy_userid,
  SYS_CONTEXT('USERENV','DB_DOMAIN') db_domain,
  SYS_CONTEXT('USERENV','DB_NAME') db_name,
  SYS_CONTEXT('USERENV','HOST') host,
  SYS_CONTEXT('USERENV','OS_USER') os_user,
  SYS_CONTEXT('USERENV','EXTERNAL_NAME') external_name,
  SYS_CONTEXT('USERENV','IP_ADDRESS') ip_address,
  SYS_CONTEXT('USERENV','NETWORK_PROTOCOL') network_protocol,
  SYS_CONTEXT('USERENV','BG_JOB_ID') bg_job_id,
  SYS_CONTEXT('USERENV','FG_JOB_ID') fg_job_id,
  SYS_CONTEXT('USERENV','AUTHENTICATION_TYPE') authentication_type,
  SYS_CONTEXT('USERENV','AUTHENTICATION_DATA') authentication_data,
  SYS_CONTEXT('USERENV','CURRENT_SQL') current_sql,
  SYS_CONTEXT('USERENV','CLIENT_IDENTIFIER') client_identifier,
  SYS_CONTEXT('USERENV','GLOBAL_CONTEXT_MEMORY') global_context_memory

from dual;

Also maybe look at DBMS_APPLICATION_INFO

I would strongly recommend against just using REMOTE_OS_AUTHENT.

Also, maybe look into Virtual Private Databases (VPD).

"dk" <goyald_at_gmail.com> wrote in message news:facb5f59.0410291703.1362be3c_at_posting.google.com...
> Hello,
> I have a java application (on Windows) that runs as a background job
> and needs to connect to an Oracle 9i server on a Solaris machine on
> same network backbone. As per network security guys, database
> passwords must change every 3 months. Recompiling Java programs with
> new password every three months is really not a good solution.
> As program runs as a daemon, prompting database password everytime it
> starts is not a practical situation. Security guys also rule out
> storage of password on disk in a flat file that can be read on each
> applicaton restart.
>
> As this java program runs as a windows background job (as NT service)
> using a domain username password, is it possible that somehow I can
> get authenticated to Oracle with same domain account transparently...
> I will be using JDBC to connect to Oracle.
>
> (I also need to do this for C++ programs on Windows and Oracle on
> Windows, Linux, Solaaris or AIX)..
>
>
> Thanks and regards
>
> D Goyal
Received on Sun Oct 31 2004 - 18:26:55 CST