Mask ORACLE XE Url
Hi everybody,
I successfully installed ORACLE XE Production on Fedora Core 4 and it looks quite cool right now. To get it productive on my side, there is one question left:
Is it possible to mask the XE URL in a way the application id is not viewable to the client?
For example:
My default url looks like this URL: http://www.sample.com/apex/f?p=4500:1000:1984081305771803:::::
My 'wanted' url should look like
http://www.sample.com/index.html?1000:1984081305771803:::::
All in all, i want to replace 'apex/f?p=4500' with a custom string (e.g. 'index.html?')... so that there is no possibility to change the application id manually in the url to get access to an other application.
I am not that familiar with mod_rewrite or the apache caching possibilities, so, does anybody know wheather it is possible to do such a masking, and if yes, how can i do it ;-)?
Thanks a lot in advance to the community
Thomas
Hi Thomas,
if security is your concern, you might want to check the following thread / url:
Hide ApplicationID in URL
http://download-uk.oracle.com/docs/cd/B19306_01/appdev.102/b16373/sec.htm#sthref2061
especially the part on session state protection.
And also consider using an Apache http server as a proxy in front of XE.
This way you can use SSL and tighten access to the system.
~Dietmar.
Similar Messages
-
PL/SQL - Masking Parameters on URL with Form Post vs Get
I am inquiring about the PL/SQL functionality of passing focus from one procedure/function to another
via HTML web pages, using FORM ACTION="post" against "get".
I've successfully written a good bit of code using the "get" functionality, where the parameters are passed
on the URL, but security really wasn't an issue on that phase of the application. Now that it is, I'm researching
further on how to use the ACTION="post" to mask the parameters from the URL and not receive failures in the process.
I've seen multiple references in books showing the simple process of calling the procedure/function
which does not explicitly require parameters, and using the ACTION="post", but when doing so, it returns
the typical PL/SQL message that the page can not be found.
We are running 9i, but not running 9iAS. Is it necessary to have 9iAS in order to reap these benefits,
or is it not as simple as it's seems and I should just use Java Servlets/JSPs instead?
Any information, or direction, would be appreciated.
Thanks in advance.Encrypt the value of parameter and decrypt it back in processRequest of target page ??
-Idris -
Need to solve serious security problem with Oracle Reports URL
As mentioned repeatedly on this forum, Oracle Reports allows serious security breaches that allow users to see reports that they did not generate -- it's easy to guess a legal URL by changing the getjobid parameter.
I've reviewed the JavaDocs to part of the rwrun.jar file and reviewed some of the example report plugins. This shows promise in helping to solve this security problem but critical pieces are missing.
1) The javadocs are accurate for only 10g (9.0.4) but not correct for 10g (10.1.2+), which we are currently using. I need access to the updated version of this javadoc.
2) Even with the updated version of the JavaDoc, I haven't found a class from which to inherit that would give me the opportunity to generate random jobid values, which then would effectively prevent users from guessing other jobid values, and thereby gaining access to other's reports (which in our cases, may contain sensitive information.
3) We have found that we can send the parameter=value of EXPIRATION=1 which helps protect such information, but this requires that every program which invokes a report be modified to add this parameter. It would be far better for the report server to be configured to use a java class we write that inherits from some rwrun.jar class that would by default, add the EXPIRATION=1 parameter.Hi,
Thanks for our replies. I will ask to an administrator about this security problem, now I know it depends of a security parameter.
But I would know if it could be possible to hide the technical name of the query in the url. It could improve the security level of our reports in a first time in this way.
Thanks a lot,
JW. -
I wonder if anyone can help.
I am writing a Java class which uses a JDBC PreparedStatement object to call a stored procedure on an Oracle database.
To create the PreparedStatement object I use the prepareStatement method of the Connection object.
I do not create the Connection object - this is important - it is passed into my method by another piece of code I cannot change.
I need to specify some connection properties - specifically 'SetBigStringTryClob'. All the documentation I can find says that properties such as this can be passed to the Connection when it is created via a Properties object like this:
// Load the database details into the variables.
String url = "jdbc:oracle:thin:@localhost:1521:orcl";
String user = "scott";String password = "tiger";
// Create the properties object that holds all database details
Properties props = new Properties();
props.put("user", user );
props.put("password", password);
props.put("SetBigStringTryClob", "true");
// Load the Oracle JDBC driver class.
DriverManager.registerDriver(new OracleDriver());
// Get the database connection
Connection conn = DriverManager.getConnection( this.url, this.props );
I cant do this as I dont create the Connection object. What I can do is specify the URL, so I'm thinking I should be able to specify my connection properities as url parameters - but I cant get it to work and I cant find anything anywhere that tells me how to do it.
Any ideas?
Alternatively I'm thinking that maybe there is a method of Connection where I can specify these properties - essentially after its been created - but again, I cant find anything
Any help with this would be very much appreciated;
Cheers
NathanCan you use the 11g drivers?
See http://download.oracle.com/docs/cd/B28359_01/java.111/b31224/oralob.htm#CHDGJJDD
Specifically the Input section
Otherwise, is there any reason not to use the Oracle specific extensions? i.e. setStringForClob() -
Hi,
How can I drop the port reference from the URL? For instance rather that www.oracle.mycompany.com:6000 i only need www.oracle.mycompany.com. The port is also referenced when you click a menu item once logged in.
Reason for this is that our firewall automatically routes the http to port 6000, but fails when the URL includes a port reference
Thanks for your help -Hi Faidi,
Thanks for all the input, if possible could you let me know the process of changing the port 6000 to 80? The problem we have is that out firewall won't allow the :6000 to be included on the external URL.
We've included the oracle01.internal.domain in the users host file to point to the external name, which works fine upto logon screen and logon, but once you're in the system it won't work due internal reference within the system to oracle01.internal.domain:6000.
Hopefully this makes some sort of sense! Thanks again or your help
Thanks -
Portal - Oracle text URL item search error - DRG-11614
HI,
I have enabled text searching and created a URL item to http://www.news.com
I have sync'd the Oracle Text index and on looking at ctxsys.ctx_user_index_errors
I see
ERR_INDEX_NAME ERR_TIMES ERR_TEXTKEY
ERR_TEXT
WWSBR_URL_CTX_INDX 15-SEP-04 AAAOR8AAGAAAA47AAI
DRG-11614: URL store: communication with host specified in http://www.news.com t
imed out
Can anyone tell me what is causing this?
Thanks
Joel.
(Oracle Portal Version: 9.0.4.0.99)Joel
Does your database host require a proxy in order to be able to contact the website?
You can set the proxy that Portal uses from the Global Settings pages - there is a link to these from the Services portlet, an instance of which can be found on the Administration tab of the Desgin Time pages.
Once you've changed the proxy setting you'll need to recreate the URL index so that it can have another go at indexing your website with the Proxy. Please refere to the Search Configuration chapter in the Portal Configuration Guide for more information.
http://download.oracle.com/docs/cd/B10464_01/portal.904/b10356/toc.htm -
Masking HTTP inbound URL for security and control - Seeking Ideas
I am working to transition an application to XI that is based on HTTP posts from vendors to provide data. In order to use the XI Plain HTTP adapter for inbound requests, I need to provide the vendor a very long url and query string that identifies the target system as XI (since the query string structure) and makes it difficult to make changes to the configuration without notification of the vendor (because of the values required in the query string).
Has anyone found a way to mask the query string using a BPM page or another method to provide a simple url to integration partners that will translate into the fully qualified url within my environment?We solved this by using reverse-proxy with URL rewriting on network (NETAPP) appliance.
-
JDBC external oracle invalid URL
Ok after deploying oracle jdbc now I am getting this error:
Error during database connection to the database URL 'jdbc:oracle:thin@torigai:1527:DSORACLE' using the JDBC driver 'oracle.jdbc.driver.OracleDriver': 'com.sap.aii.adapter.jdbc.sql.DriverManagerException: Cannot establish connection to URL 'jdbc:oracle:thin@torigai:1527:DSORACLE': SQLException: Invalid Oracle URL specified'
Could this be becauase the external oracle DB is a 9.2 instance and the source is 10g? Should I deploy classes14.jar along with ojdbc.jar.....?
Thanks
MikieHi,
The reason is that the URL is incorrect. You have missed a ":" after "thin".
This is what it should be,
<b>jdbc:oracle:thin<i>:</i>@torigai:1527:DSORACLE</b>
><i>Should I deploy classes14.jar along with ojdbc.jar.....?</i>
Not needed at all. Infact you should use either ojdbc.jar or classes14.jar and not both.
From the SAP note : 831162
<i>
have deployed the Oracle classes12.zip / classes12.jar JDBC driver as per the instructions in the XI Configuration Guide.
Unfortunately, I frequently notice hanging database connections. A thread dump taken according to the instructions in note 710154 shows one or more blocking JDBC Sender/Reciver threads and optionally that the JVM has detected a deadlock.
A: The Oracle classes12.zip / classes12.jar driver is compatible with JDK 1.2 and 1.3 only, but not with JDK 1.4. Upgrade to a current version of the driver (ojdbc14.jar). For details, refer to note 941317.
Make sure that you remove classes12.zip / classes12.jar from aii_af_jmsproviderlib.sda prior to adding the new driver as per the instructions in the answer to question #1 above as you will get a class name collision otherwise (all JARs from aii_af_jmsproviderlib.sda are loaded into the same class loader and the driver class name of both driver versions is the same).
Before deploying the updated driver, ensure that the new version is still compatible with your Oracle database server release. For details, refer to the release notes provided by Oracle.</i>
Regards,
Bhavesh -
you can make the portal the default rather than the admin, so the admins will have to /login to the end of the hostname
in settings->helpdesk
at the bottom in the advanced setion change
Default landing page to Portal
Other options are of course to push this URL out to the desktop, which can still be done even if you've move the default to portal anyway.
Additionally if you want o remove the :port then you'll need to make sure nothing else is running on port 80 (eg IIS) then change the port SPiceworks runs thoughHello
Is they an easy way to mask the URL for the spice works user portal instead of them having to enter the servername:port/portal URL
Thanks in advance
This topic first appeared in the Spiceworks Community -
Oracle Form URL with content root's children directories path?
Hi All
In this case , we try to add children directories under default form path ( ex: Oracle_FRHome1/forms/DEPT_001/xx001_01.fmx and Oracle_FRHome1/forms/DEPT_002/xx002_01.fmx )
but there are so many children directories in our legacy systems, so it's not possible for us to add all path in server form_path variable
We try to call form directly in url
such as : http://localhost:9001/forms/frmservlet?form=/DEPT_001/xx001_01.fmx
first error appeared with such error message : FRM-92190: JavaScript is unable to evaluate expression.
After confirm error message, our form xx001_01.fmx still work fine
Are there any configuration file should be adjust in this case ?
Thanks~Hi Tony
Thanks for your response.
In this case , we have to many difference directories in legacy system.
FORM_PATH must be under some maximum length restriction and may exceed max length in this scenario
Is is possible to change AliasMatch in forms.conf for url pattern matching ?
best regard
thanks
Hendry -
Trying to set up redirect and A Record to mask BC in URL
We've gotten this far with our domain provider, but I'm not sure what to do next in BC. Our redirect is getting a No Start page.
Our BC URL is: http://betheldualenrollment.businesscatalyst.com
This is from our DNS provider:
Ok, the A Record has been setup:
dualenrollment.bethelu.edu -> 54.236.189.61
Though that URL pulls up something about No Start Page? When that's fixed, we can change the redirect to:
http://bethelu.edu/dualenrollment -> http://dualenrollment.bethelu.eduyou need to connect the 2 routers using regular ports. example, from port 1 of main router going to port1 of befw11s4. do not configure the wan ip of befw11s4 anymore. it should only be set to "obtain an ip automatically".
-
Oracle SES - URL issue in PeopleSoft
Hi,
I have installed PeopleSoft search framework in PT8.52 version.
Howevere, When I try to click the search result from the OSES, I can able to get the result but with wrong URL.
http://10.287.xx.xxx:8080/psc/EMPLOYEE/PSFT_EP/q/?ICAction=ICQryNameURL=PUBLIC.PTSF_MESSAGE&BIND1=5820&BIND2=1&SESLanguageCd=ENG
Please find the below setup done on local node PSFT_EP
Deafult portal: EMPLOYEE
Content URI Text : http://10.287.xx.xxx:8080/psc/
Portal URI Text : http://10.287.xx.xxx:8080/psp/
Any help on this highly appreciated.
Thanks
SoundappanHi,
I had a similar issue with urls from SES.
I added the Content URI & Portal URI to the Portal node (HRMS) and the default local node (PSFT_HR).
This solved my issue.
Hakan -
I followed the full installation guide (not quick install) to install BAM and all dependencies. After installation, all BAM services started successfully. When I tried to get to Oracle BAM console (http://localhost/OracleBAM), I was presented with the screen indicating Oracle BAM with two large column. On the right column is description of Oracle BAM and indicates that I can click on items on the left (left column) to perform certain function. In this case, the left column should have link for Administrator, Architect, etct. However, the left column is empty. I don't see anything there and can not get to Oracle BAM Administrator or Architect. Any direction on why this is happening?
I have BAM installed on Windows 2000 with sp4. Oracle AS 10g R2 Metadata Repository and all dependencies (Net frame 1.1, Enterprise Link, etc) are also installed on the same server.To follow up on my original post, I logged in using Window account that was used to install BAM (belonging to Windows Administrator group)
-
Hi,
can you tell me please, when I type
http://server.domaine:portnumber
in zone adresse of the web browser (Internet Explorer) which file (name and directory)on web server is displayed ?
Many thanks before.Hi,
its <Oracle AS Home>\Apache\Apache\htdocs\index.html
You can change this using Enterprise Manager Application Server Control .
Frank -
SharePoint 2013 public facing site - need to mask url in search results
Hi, we have sp2013 public facing site. Can we mask the display url in search results? Actually we are pointing two urls(ex: A & B) to same web application. Search results are already crawled based on A URL, so when people search in browsing 'B'
URL search results is giving URL with 'A' site. Please let me know if anyone have possible solution.
Can we have more than one url for internet zone in AAM? i browsed in blogs most of them say it is not possible.
Thanks,
JB
JBPlease don't create multiple questions for same issue, below one is the duplicate thread
http://social.msdn.microsoft.com/Forums/sharepoint/en-US/25a31628-1a96-4d6d-a792-3493af5bdd83/unable-to-find-manage-site-feature-in-sharepoint-2013-public-facing-site?forum=sharepointgeneral
My Blog- http://www.sharepoint-journey.com|
If a post answers your question, please click Mark As Answer on that post and Vote as Helpful
Maybe you are looking for
-
Vendor debit balance should come in sundry debtor balance
Hi, Gurus My problem is that my client wants that if a vendor has debit balance than it should be treated as sundry debtor (Current Asset) and balance should come in sundry debtor reco. GL, similarly if a Customer has credit balance t
-
Can we refresh our inbox automatically in albpm 5.7
-
Bluetooth streaming from phone where is A2DP SINK?
I've had this computer for over a year now and have never been able to stream audio to it from my iphone5, it pairs easily. Ive been checking for updated drivers for it for awhile, but the last updated driver @ HP is from 2013. I went to Media Tek's
-
How to find Specfic Purchase Order is being edited or not
Hi Friends, How to find Specfic Purchase Order is being edited or not. Thanks in Advance. Murali Krishna K
-
How to change the color of an arrow
I'm have difficulty changing the color of an arrow in a Keynote presentation. I've tried to select it by clicking on it, selecting all and pulling the arrow off the picture, but it won't hi-light so I can change it. I've been able to manipulate all o