|
|
| Re: Windows username and password [message #613759 is a reply to message #613757] |
Sun, 11 May 2014 02:17   |
John Watson
Messages: 8964
Registered: January 2010
Location: Global Village
|
Senior Member |
|
|
Sure, use operating system authentication:
c:\>
c:\>whoami
jwvaio\john
c:\>sqlplus / as sysdba
SQL*Plus: Release 12.1.0.1.0 Production on Sun May 11 08:13:38 2014
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics, Real Application Testing
and Unified Auditing options
orclz> create user "OPS$JWVAIO\JOHN" identified externally;
User created.
orclz> grant connect to "OPS$JWVAIO\JOHN";
Grant succeeded.
orclz> exit
Disconnected from Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics, Real Application Testing
and Unified Auditing options
c:\>
c:\>sqlplus /
SQL*Plus: Release 12.1.0.1.0 Production on Sun May 11 08:14:47 2014
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics, Real Application Testing
and Unified Auditing options
orclz> sho user
USER is "OPS$JWVAIO\JOHN"
orclz>
|
|
|
|
| Re: Windows username and password [message #613760 is a reply to message #613759] |
Sun, 11 May 2014 03:00 |
 |
deepakmannazhi
Messages: 137
Registered: February 2010
Location: Dubai, UAE
|
Senior Member |
|
|
Dear John,
Thanks a lot for your guidance.
For this method, we need to create separate database user for each OS user right?
We don't want to create separate database user. May be my question is little bit confusing.
We are having only one database schema, let us say Scott.
Our user table is like this
CREATE TABLE tmp_user
( user_id VARCHAR2(10),
user_passwd VARCHAR2(20),
user_desc VARCHAR2(200),
user_start_menu_id VARCHAR2(10)
)
Insert into FZEXPRD_DBA.TMP_USER
(USER_ID, USER_PASSWD, USER_DESC, OS_USER_ID)
Values
('DEEP', '132', 'Deepak', 'gtfs.deepak');
Insert into FZEXPRD_DBA.TMP_USER
(USER_ID, USER_PASSWD, USER_DESC, OS_USER_ID)
Values
('ADMIN', '234', 'Admin', 'Administrator');
COMMIT;
User Deepak needs to use the same user name (gtfs.deepak) and windows password to access our oracle application.
username we will get by sys_context or by using web util.
Select sys_context('USERENV','OS_USER') into v_user from dual;
or
v_user:=WEBUTIL_CLIENTINFO.GET_USER_NAME;
But for mapping password, I didn't find any method.
hope this is clear
Thanks and regards
Deepak
|
|
|
|
| Re: Windows username and password [message #613761 is a reply to message #613760] |
Sun, 11 May 2014 03:41 |
John Watson
Messages: 8964
Registered: January 2010
Location: Global Village
|
Senior Member |
|
|
Ah, I misunderstood your question. I've read it a bit better now.
Your technique won't work (even if you could get the password) because you are using AS 10.x, where the forms run on an Application Server. That means that your sys_context call will return the OS_USER of the application Server, not the end user.
However, if the user has authenticated to his local Windows, you do not need to know his password. All you need is the username, to use as his identifier in your application. You could pass through the %USERNAME% environment variable as a parameter on the URL that invokes the form. Except that would be totally insecure, because any one can change it.
Possibly your users need to run the form with no username/password prompt, then if you can find a secure way of determining the user's Windows ID (extracting it from the registry, perhaps?) you would use that to determine who they are?
|
|
|
|
|
|
| Re: Windows username and password [message #613763 is a reply to message #613762] |
Sun, 11 May 2014 05:16 |
John Watson
Messages: 8964
Registered: January 2010
Location: Global Village
|
Senior Member |
|
|
If you are confident that WEBUTIL_CLIENTINFO.GET_USER_NAME will return the Windows username and cannot be hacked so that it will return some other user's name, then this method should be 100% secure. As secure as Windows, anyway. I have no idea how WEBUTIL_CLIENTINFO.GET_USER_NAME gets its information, or if it can be fooled. Perhaps someone else knows.
|
|
|
|
|
|
|
|
| Re: Windows username and password [message #635044 is a reply to message #613757] |
Thu, 19 March 2015 07:30 |
|
|
If you are confident that WEBUTIL_CLIENTINFO.GET_USER_NAME will return the Windows username and cannot be hacked so that it will return some other user's name, then this method should be 100% secure. As secure as Windows, anyway. I have no idea how WEBUTIL_CLIENTINFO.GET_USER_NAME gets its information, or if it can be fooled. Perhaps someone else knows. Or you can check out if <url removed> could help you.
[EDITED by LF: Spam. URL removed as it has nothing to do with Oracle. Didn't delete the whole message as Craig has already replied to it.]
[Updated on: Thu, 19 March 2015 15:33] by Moderator Report message to a moderator |
|
|
|
|
|
|
|
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
