Home » RDBMS Server » Security » PL/SQL code for a login/password feature
icon6.gif  PL/SQL code for a login/password feature [message #119689] Fri, 13 May 2005 15:25 Go to next message
dmcgilli
Messages: 6
Registered: May 2005
Junior Member
Hello,

I have written a web based application in PL/SQL. It sits on top of an Oracle database. What I want to do is whenever a user visits certain web pages the application asks for a login and password. I want to write this feature in PL/SQL.

Thank You
Douglas McGillivray
Re: PL/SQL code for a login/password feature [message #119695 is a reply to message #119689] Fri, 13 May 2005 16:00 Go to previous messageGo to next message
andrew again
Messages: 2577
Registered: March 2000
Senior Member
you could do it in several ways:
1.) use different schemas for secured and unsecurued code and set up 2 DADs. The one DAD has a password entered, the other doesn't. The one needing a password will pop up a dialog box.
2.) Set a cookie during initial login and test for that every time the user wants to access a secure page. If the cookie has expired, throw them to a login page. If the cookie hasn't expired yet, update it with a later expiry time so that it expires based on inactivity rather than a fixed time after initial login.
3.)...
icon7.gif  Re: PL/SQL code for a login/password feature [message #119855 is a reply to message #119695] Mon, 16 May 2005 07:04 Go to previous messageGo to next message
dmcgilli
Messages: 6
Registered: May 2005
Junior Member
Do you happen to know where I can find the code to do the following:

use different schemas for secured and unsecurued code and set up 2 DADs.

Thanks

Douglas
Re: PL/SQL code for a login/password feature [message #120122 is a reply to message #119855] Tue, 17 May 2005 18:21 Go to previous messageGo to next message
andrew again
Messages: 2577
Registered: March 2000
Senior Member
Quote:

use different schemas for secured and unsecurued code and set up 2 DADs


I don't think this is the way I would do it, because you have fragmented code - some in one schema and some in another. I would rather put a security wrapper aroud code, so that when you call a transaction, it first checks to see if you are logged in and only proceeds if you are logged in - else prints an message.

When you set up 2 DAD's - one with user/pass specified (DAD1) and the other without user/pass (DAD2), you would have 2 URL's e.g.
http://myhost:7777/pls/dad1/pkg.proc?p1=abc
and http://myhost:7777/pls/dad2/secured_code_owner.pkg.proc?p1=123

Because the user/pass is already entered for dad1, the code can be executed by anyone.
To access dad2, the user is automatically prompted for a user/pass by means of a pop-up diaglog box by the App server. The user/pass corresponds to a database user/pass. That user needs to have execute privs on the secured code (owned by secured_code_owner). If you create synonyms in these user's schemas, you don't need to mention secured_code_owner on the URL.
Re: PL/SQL code for a login/password feature [message #121368 is a reply to message #120122] Fri, 27 May 2005 15:52 Go to previous message
dmcgilli
Messages: 6
Registered: May 2005
Junior Member
Where can I find information about how to:
"
I would rather put a security wrapper aroud code, so that when you call a transaction, it first checks to see if you are logged in and only proceeds if you are logged in - else prints an message.
"

Thanks
Douglas McGillivray
Previous Topic: Preventing end-users from connecting using 3rd party softwares
Next Topic: prevent database user to connect by specified program
Goto Forum:
  


Current Time: Fri Mar 29 08:44:47 CDT 2024