PL/SQL code for a login/password feature [message #119689]
Fri, 13 May 2005 15:25
dmcgilli
Hello,
I have written a web based application in PL/SQL. It sits on top of an Oracle database. What I want to do is whenever a user visits certain web pages the application asks for a login and password. I want to write this feature in PL/SQL.
Thank You
Douglas McGillivray
Re: PL/SQL code for a login/password feature [message #119695 is a reply to message #119689]
Fri, 13 May 2005 16:00
andrew again
You could do it in several ways:
1.) use different schemas for secured and unsecured code and set up 2 DADs. The one DAD has a password entered, the other doesn't. The one needing a password will pop up a dialog box.
2.) Set a cookie during initial login and test for that every time the user wants to access a secure page. If the cookie has expired, throw them to a login page. If the cookie hasn't expired yet, update it with a later expiry time so that it expires based on inactivity rather than a fixed time after initial login.
3.)...
Re: PL/SQL code for a login/password feature [message #120122 is a reply to message #119855]
Tue, 17 May 2005 18:21
andrew again
Quote: use different schemas for secured and unsecured code and set up 2 DADs
I don't think this is the way I would do it, because you have fragmented code - some in one schema and some in another. I would rather put a security wrapper around code, so that when you call a transaction, it first checks to see if you are logged in and only proceeds if you are logged in - else prints a message.
When you set up 2 DADs - one with user/pass specified (DAD1) and the other without user/pass (DAD2), you would have 2 URLs e.g.
http://myhost:7777/pls/dad1/pkg.proc?p1=abc
and http://myhost:7777/pls/dad2/secured_code_owner.pkg.proc?p1=123
Because the user/pass is already entered for dad1, the code can be executed by anyone.
To access dad2, the user is automatically prompted for a user/pass by means of a pop-up dialog box by the App server. The user/pass corresponds to a database user/pass. That user needs to have execute privs on the secured code (owned by secured_code_owner). If you create synonyms in these users' schemas, you don't need to mention secured_code_owner on the URL.
Re: PL/SQL code for a login/password feature [message #121368 is a reply to message #120122]
Fri, 27 May 2005 15:52
dmcgilli
Where can I find information about how to:
"
I would rather put a security wrapper around code, so that when you call a transaction, it first checks to see if you are logged in and only proceeds if you are logged in - else prints a message.
"
Thanks
Douglas McGillivray
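
Added example, not part of the thread: one way to write the "security wrapper" with the cookie check from option 2, using the PL/SQL Web Toolkit. It is a variant in which the inactivity timeout is enforced server-side rather than in the cookie's own expiry. The package, table, cookie name, timeout and `login_form` page are all hypothetical, and the login procedure that verifies the password, stores a random token and sends the cookie is assumed to exist and is not shown.

```sql
-- Assumed (hypothetical) table, filled by a login procedure that is not shown:
--   app_sessions(token VARCHAR2(64) PRIMARY KEY, username VARCHAR2(30), last_seen DATE)
CREATE OR REPLACE PACKAGE secured_app AS
  PROCEDURE report (p1 IN VARCHAR2 DEFAULT NULL);  -- the only URL-callable entry point
END secured_app;
/
CREATE OR REPLACE PACKAGE BODY secured_app AS
  c_cookie       CONSTANT VARCHAR2(30) := 'APPSESSION';  -- cookie name (assumed)
  c_idle_minutes CONSTANT NUMBER       := 20;            -- inactivity limit (assumed)

  -- Private to the body, so it cannot be reached through a DAD URL.
  -- Returns the username for a live session, or NULL if absent or expired.
  FUNCTION logged_in_user RETURN VARCHAR2 IS
    l_cookie owa_cookie.cookie;
    l_user   VARCHAR2(30);
  BEGIN
    l_cookie := owa_cookie.get(c_cookie);
    IF l_cookie.num_vals = 0 THEN
      RETURN NULL;                          -- no cookie sent: not logged in
    END IF;
    -- Expiry is checked against the server-side timestamp, not the cookie's
    -- own lifetime; a hit also slides the inactivity window forward.
    UPDATE app_sessions
       SET last_seen = SYSDATE
     WHERE token = l_cookie.vals(1)
       AND last_seen > SYSDATE - c_idle_minutes / 1440
    RETURNING username INTO l_user;
    IF SQL%ROWCOUNT = 0 THEN
      RETURN NULL;                          -- unknown token or session timed out
    END IF;
    RETURN l_user;
  END logged_in_user;

  PROCEDURE report (p1 IN VARCHAR2 DEFAULT NULL) IS
    l_user VARCHAR2(30) := logged_in_user;  -- the wrapper check runs first
  BEGIN
    IF l_user IS NULL THEN
      owa_util.redirect_url('login_form');  -- hypothetical login page
      RETURN;
    END IF;
    -- Escape anything echoed back into the page.
    htp.p('Report for ' || htf.escape_sc(l_user) || ', p1=' || htf.escape_sc(p1));
  END report;
END secured_app;
/
```

Every secured procedure starts with the same `logged_in_user` call, and keeping that function out of the package specification means only the page procedures are exposed through the DAD.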