Connection string without username and password
Hi,
I need to use DriverManager.getConnection() to connect to sql2000 use only dsn name; no user name and password allowed.
how do I do it?
the main reason is we do not want to put password as clear text on the java code. the customer does not want to put the password at registry either.
Is there a way that we can store the password on the client side and just use the dsn name to connect to sql server?Still doesn't explain the problem.
As I already said, there are only two ways to connect to MS SQL Server, with a user/pwd or via windows authentication.
So if you must use the first then you must have a user/pwd somewhere. In that case it doesn't matter what the user wants unless they want to convince Microsoft to re-engineer MS SQL Server.
Windows authentication should solve the problem but you do need a windows user then. And you must use a driver that supports windows authentication.
If you must use the usr/pwd then the solution is to encrypt or other obfuscate the actual password. One way is to use an encrypted configuration file which contains the user and password. Then your application loads the file, decrypts it and extracts the values at run time. You will need to provide a separate encryption tool to create the file in the first place.
Similar Messages
-
SOAP URL without username and password
Hello Everyone,
its a synchronous SOAP - PI -ECC scenario .
I have created HTTP URL through sender agreement in integration for testing.
However, customer now wants HTTPS URL without Username and password in production URL. How do i create this .
Regards,
RaviHello,
However, customer now wants HTTPS URL without Username and password in production URL. How do i create this .
You can disable basic authentication for the sender SOAP Adapter by following William's reply in this thread
http://forums.sdn.sap.com/thread.jspa?threadID=236507
However, the authentication will be disabled for all SOAP Sender, so you should weigh-in the impacts of granting that request.
Hope this helps,
Mark
Edited by: Mark Dihiansan on Feb 13, 2012 3:51 AM -
DAD without username and password
I create a DAD without username and password.
I want to pass this parameters when I call my page login.
How can I do this?
Thanks.Maybe the Oracle Application Express (APEX) guys know more about it ..
-
Connecting Using SSL Authentication Without Username and Password
Hi,
We're on RedHat Linux 4.0 using 10.2.0.3 (server/client). We're trying to figure out a way to connect to the database using instantclient and JDBC-OCI and SSL authentication without using a username or password. According to the documentation this should be possible but no sample code is given.
LD_LIBRARY_PATH is set /opt/app/oracle/product/10.2.0/db_1/lib:/usr/lib:/home/oracle/instantclient where the instantclient was installed from the 10.2.0.1 client software
and we are using JDK version 1.6.0_03.
We're also referencing the following paper:
http://www.oracle.com/technology/tech/java/sqlj_jdbc/pdf/wp-oracle-jdbc_thin_ssl_2007.pdf
We've got our client and server wallets configured and the sample code we tried looks like this:
import java.sql.*;
import java.sql.*;
import java.io.*;
import java.util.*;
import oracle.net.ns.*;
import oracle.net.ano.*;
import oracle.jdbc.*;
import oracle.jdbc.pool.*;
import java.security.*;
import oracle.jdbc.pool.OracleDataSource;
public static void main(String[] argv) throws Exception {
DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
Security.addProvider(new oracle.security.pki.OraclePKIProvider());
System.setProperty("oracle.net.tns_admin", "/opt/app/oracle/product/10.2.0/db_1/network/admin");
String url = "jdbc:oracle:thin:@orcl";
java.util.Properties props = new java.util.Properties();
props.setProperty("oracle.net.authentication_services","(TCPS)");
props.setProperty("javax.net.ssl.trustStore",
"/opt/app/oracle/product/10.2.0/db_1/admin/wallet/server/cwallet.sso");
props.setProperty("javax.net.ssl.trustStoreType","SSO");
props.setProperty("javax.net.ssl.keyStore", "/opt/app/oracle/product/10.2.0/db_1/admin/wallet/client/cwallet.sso");
props.setProperty("javax.net.ssl.keyStoreType","SSO");
props.put ("oracle.net.ssl_version","3.0");
props.put ("oracle.net.wallet_location", "(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=/opt/app/oracle/product/10.2.0/db_1/admin/wallet/client)))");
System.out.println("At Here...");
OracleDataSource ods = new OracleDataSource();
//ods.setUser("scott");
//ods.setPassword("tiger");
ods.setURL(url);
ods.setConnectionProperties(props);
System.out.println("At Here1...");
Connection conn = ods.getConnection();
System.out.println("At Here2...");
Statement stmt = conn.createStatement();
ResultSet rset = stmt.executeQuery("select 'Hello Thin driver SSL "
+ "tester ' from dual");
while (rset.next())
System.out.println(rset.getString(1));
rset.close();
stmt.close();
conn.close();
When this code is compiled and run, the following error is thrown:
Exception in thread "main" java.sql.SQLException: invalid arguments in call
at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:112)
If a username and password is supplied, the code works. So does anyone have a working of using SSL to authenticate without supplying username/password?
Thanks
mohammedHi,
I just solved this. I noticed from another thread that I was not using the OCI driver (see below):
String url = "jdbc:oracle:thin:@pki14";
Once I changed it to:
String url = "jdbc:oracle:oci:@pki14";
The code worked perfectly. One more setting that you'll have to do is to create the user you want to connect as externally:
create user scott identified externally as
'CN=acme, OU=development, O=acme, C=US';
grant connect,create session to scott;
Note that the DN should be the same as the SSL certificate that you created in your wallet.
hth
mohammed -
Web service functions in SSO without username and password
Is there a way to use the Public Report Web Service functions when configured in SSO and without passing a username and password? I was able to try out the web service and make it work. As we all know, you need to pass a username and password for each web service call unless your reports can be accessed by guests. In an SSO + LDAP server configuration, there are cases in which you are not allowed to get the password. The password can not be decrypted.
Is there a way to still use web service? or do you need to use the url approach instead? But if you use the url approach then you may be limited to generating reports only.
I'm thinking there should be since if you are already logged in for SSO then you should be able to generate.
Any way to configure this?<i>When I access web reports from bw.</i>
i hope you are not talking about BEX web reports , since you have mentioned ITS.
Is it a standlone ITS or intergrated ITS?
can you post the url pattern here.
Regards
Raja -
Imqcmd without username and password everytime ...
hi *,
does anyone knoe how to use imqcmd without having to type username and password everytime?
when i do imqcmd -help i amgetting the following hint:
-passfile : Specify a file containing the administrator password.but i cant find anywhere (in sun documentation) how this pwd file must be structured.
regards chris
Edited by: cbrennsteiner on Oct 6, 2008 11:01 AMThere is a sample password file (password.sample) in the /etc directory. Depending on your install that is in:
<MQ_HOME>/etc
or
/etc/imq -
wifi connection asking for username and password!!! tried everything ... earlier it used to ask just the password.. please help!!
are you connecting to the same SSID or wireless access point ? Has any security settings been changed on the access point ?
-
How to configure JMS-Server to use username and password
Hi
Maybe this is a real stupid question, but please help me, I'm not very experienced using JMS:
I'm using JMS (provided by OC4J / Application Server 10.1.3). I configured a ConnectionFactory (without username and password) and a Queue and there is also a application, which successfully opens the JMS-Connections.
This works well as long as I do not provide a username und password in the ConnectionFactory (EnterpriseManager: OC4J/Admin/Services/JMS-provider...). If I do this, my application terminates with the following stacktrace:
javax.jms.JMSSecurityException: JMSServer[aplora2:12602]: failed to authenticate "myuser/mypassword", no such user.
at com.evermind.server.jms.JMSUtils.make(JMSUtils.java:1034)
at com.evermind.server.jms.JMSUtils.toJMSSecurityException(JMSUtils.java:1090)
at com.evermind.server.jms.JMSServer.getJMSServer(JMSServer.java:1237)
at com.evermind.server.jms.JMSServer.getJMSServer(JMSServer.java:1213)
at com.evermind.server.jms.InContainerProxy.getJMSServer(InContainerProxy.java:93)
at com.evermind.server.jms.EvermindConnection.<init>(EvermindConnection.java:103)
at com.evermind.server.jms.EvermindQueueConnection.<init>(EvermindQueueConnection.java:62)
at com.evermind.server.jms.EvermindQueueConnectionFactory.unprivileged_createQueueConnection(EvermindQueueConnectionFactory.java:98)
at com.evermind.server.jms.EvermindQueueConnectionFactory.access$000(EvermindQueueConnectionFactory.java:42)
at com.evermind.server.jms.EvermindQueueConnectionFactory$1.execute(EvermindQueueConnectionFactory.java:78)
at com.evermind.server.jms.InContainerProxy.doSecureOp(InContainerProxy.java:157)
at com.evermind.server.jms.EvermindQueueConnectionFactory.createQueueConnection(EvermindQueueConnectionFactory.java:75)
at com.evermind.server.jms.EvermindQueueConnectionFactory.createQueueConnection(EvermindQueueConnectionFactory.java:66)
at sam.model.messages.MessageManager.<init>(MessageManager.java:74)
where "myuser" and "mypassword" are the username and password I entered in the ConnectionFactory. (My Application certainly uses the same username and password)
I expected, that by entering username and password here I would configure my Queue to be protected by them. But obviously there are some very basic things I didn't understand. Can anyone give me a hint, how I can protect the (OC4J-) JMS-Server or the Queue by username and password?
Thanks for your help
Frank BrandstetterHey Frank -
Assuming you've set up users in the "Security Manager" for your application, you can specify what JNDI resources they can "read" (and thus also connect to) via the orion-application.xml file. Look at the following snippet from the orion-application.xml file:
<namespace-access>
<read-access>
<namespace-resource root="jms/firstQueue">
<security-role-mapping impliesAll="false" name="jmsSecurity">
<user name="scooter"/>
</security-role-mapping>
</namespace-resource>
</read-access>
<read-access>
<namespace-resource root="delme">
<security-role-mapping impliesAll="false" name="jmsSecurity">
<group name="messagingUsers"/>
</security-role-mapping>
</namespace-resource>
</read-access>
</namespace-access>
This would say that only the user "scooter" that you've set up would have access to the Queue whose JNDI name begins with jms/firstQueue. Anyone you've set up and added to a messagingUsers group would have access to any Queues whose JNDI name begins with "delme". (I'm honestly not sure what exactly this line does: <security-role-mapping impliesAll="false" name="jmsSecurity">)
This is the only way I've found to limit access to a particular Queue.
HTH.
Scott -
I am having trouble connecting MacBook Pro (10.6.7) to Novell server. I get incorrect username and password message. I can connect worksations running 10.5 without any problem. Any possible solution? Thanks, Ned
Having the exact same problem with connecting ML and Snow Leopard machines to a Windows 8.1 machine. Oddly enough, connecting and copying to/from works perfectly from a Mavericks machine, despite the problems reported about Mavericks regarding the exact opposite. An old thread, but did you find a solution?
-
Pass username and password adfs without using query string
pass username and password ADFS without using query string, Please help.
I used query string , but it is unsecured to pass credentials over url, with simple tool like httpwatch , anyone can easily get the password and decrypt it.Hello MohitJainMJ,
You're not in the right forum. Here it's for FIM topics!
Regards,
Sylvain -
Pass username and password ADFS without using query string, Please help.
pass username and password ADFS without using query string, Please help.
I used query string , but it is unsecured to pass credentials over url, with simple tool like httpwatch , anyone can easily get the password and decrypt it.Hi,
According to your post, my understanding is that you had an issue about the ADFS.
As this issue is related to ADFS, I recommend you post your issue to the forum for ADFS.
http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us.
Thank you for your understanding and support.
Thanks,
Jason
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Jason Guo
TechNet Community Support -
Get DB Username and password from current connection
Hi folks,
I'm presuming this is something absurdly simple, i therefore offer my apologies in advance. my requirement is quite different from the very famous dynamic JDBC credentials example.
I'm using Struts on a 10.1.2 implementation. We have numerous Oracle reports that we wish to call from Jdev (through a report server call). To provide the credentials to the Report server I need to provide the DB connection's username, password and SID. This I intend to do in a helper class in my web module.
Is there a plain vanilla simple way of getting this done. I know "context.getApplicationModule().getTransaction().getConnectionMetadata().getUserName()" gives me the Database Username- just like that. Is there a similar way to obtain the password and SID as well. While getTransaction().getConnectionMetadata().getJdbcURL is also quite useful, how "for the life of me" do i get the password of the current DB connection (assuming I have an application module that is already connected). I basically wish to directly use connections from the application module directly without the need to manually specify/hard-code these credentials in my code.
I've searched the forums and haven't been able to get the answer I was looking for (that or I;m searching in the wrong areas). Any help would be GREATLY appreciated.
CheersHey Timo,
thanks for that. I still have a couple of doubts.
One the nature of the application is slightly different. we use independent usernames and passwords which are stored in the DB (different from DB username and password). The request(for the report-server call) comes only after the user is authenticated. Like you rightly said it's not a good idea to store the password and I'm pretty sure that option is completely ruled out.
My questions is, given that the user already has an application module at hand which would mean he has a valid connection to "a" DB- (once again we have multiple DB scenario), I merely wish to use the information from the Connection that the application module is using to issue the request to the report server call. I take it the call to oracle reports server wouldn't accept a connect string, you necessarily have to provide the DB username/password and SID.
My question now, is there anyway to obtain the password(or merely point my report server to this without requiring to store it) from the application module connection.
I hope my query is clear, please let me know if what i'm saying needs to be clarified or doesn't make sense. -
How to connect an apple tv to an enterprise network with a username and a password?
I need to use it over my university's wifi. theres no option to enter username and password. how to connect the apple tv to such enterprise network?Contact the University's IT dept, they may be able to set something up on the network to allow the ATV to connect without the need for a user name/password.
-
Getting Pooled Connection with username and password
hi,
I am facing problems in getting pooled connections to MYSQL
database.I am using Tomcat server.
I tried the example given in Tomcat doc "JNDI how to", it
works fine with one set of username and password which is
given in server.xml. Now can anybody guide me thru the steps
to get pooled connections to the same database with multiple
username and passwords.
Thankyou all in advanceNow can anybody guide me thru the steps to get pooled
connections to the same database with multiple
username and passwords.Nope. Can't be done -- at least not that I've seen yet.
Database/JDBC driver vendors seem unconcerned, or don't
care about this scenario. I ragged on Informix years
ago for this very feature. It should would make database
admins jobs a lot easier if they could know "who" that
connection belonged to that is running the outrageous
SQL query without having to divine it by way of tracing
socket/IP connections back thru the network to some machine.
The only way I've seen to do it is to create your own
connection pool code that handles user/password connections.
-- but then the problem becomes you have a collection of
mini-pools for each user. i.e. if you have 200 users, you
end up with 200 connection pools with a couple/few connections
in each sub-pool. Kinda defeats the purpse.
So, apparently, everybody just deals with the single
"generic" user/password connection pool. -
We are using OC4J 1.0.2.2.1 and connection pooling with data-sources.xml
In data-sources.xml, we have specified the default username and password.
However, there are situations where we will want to use a different username and password and still use the connection pool. For example:
public static Connection getConnection(String aUserNameS, String aPasswordS) {
Connection conn;
try {
InitialContext ic = new InitialContext();
DataSource ds = (DataSource) ic.lookup("jdbc/ejb/OracleDS");
conn = ds.getConnection(aUserNameS, aPasswordS);
} catch (Exception ex) {...}
return conn;
Will this work? I mean, is it possible to specify a different username and password in the JNDI lookup and have it over-ride a provided default username and password in data-sources.xml?
Thanks,
EdThis may be problem with your userid/password. Please look the $OC4J_HOME/j2ee/home/config/principals.xml whether you have a right userid password.
I did a quick test at looking up at "jdbc/OracleDS" for two users admin and SCOTT and this works fine both in 1.0.2.2.x an 9.0.2
I got your errors when I had wrong passwords for these users
regards
Debu
Maybe you are looking for
-
How to spool the output of mod pl/sql ?
I am trying to generate a HTML (will be static after I generate) web page from Oracle PL/SQL package. Moment I execute the package/procedure call, it should generate a HTML file and we will be publishing the file over the web. create or replace proce
-
Can't open any windows in Safari even after re-install
I can't open any windows in Safari, even after installing Snow Leopard, not even the "About Safari" info window. I'm using Firefox to get online. I can open the program itself, but can't do anything else. I'm suspicious that it may be a virus, becaus
-
Why dont my dimension levels show up instead i get "Standard" level??
Hi i am facing a very tiresome problem and i cant figure it out,you see i have crated two levels in my dimesnsion Level: School Number (BuisnessIdentifier) level: Office OfficeNo (BI) but in the query builder of charts i only see 'STANDARD' and non o
-
MacBook Pro Battery "explosion"
I pulled out my MacBook Pro from its backpack after a good month sitting unused under my desk. The battery had "exploded" - and by that I mean that the casing had expanded, broken the seal and was coming apart. When I removed it from the bottom of
-
hi friends, could u plz tell me what is FEATURE Concept in ABAP-HR? and wher we can using this????/ with regards, Priya.S