Hard-coded username/password in Dev10g Forms PL/SQL code...

Hi ,
I have developed an application which some logouts as the current user and logon to a new user is required.....
For this reason i have written the simple pattern:
logout;
logon('X','X'||'@'||tns_var,FALSE);
assuming that db-user user X does have the password X , for example.
The end-users do not have direct access to this db-user... only via this piece of code and only in Forms web app.
However , i wonder what may be another option for setting the passwd and where...?????
I have considered to create a table - called db_users_passwd , for example- which would store both the names/passwords of db users...- maybe in encrypted format.
This table would reside in the SYS or SYSTEM dataschema , with a strong password....
I have also read , somewhere , that a wrapped packaged procedure which would return the passwd of the username passed as parameter ...is an option as well...
Thanks....
Sim

That is more developed than our application. The one here was developed in Oracle 7.
It just calls
  DBMS_SESSION.SET_ROLE(ROLE_1 ||' IDENTIFIED BY '|| PW);The above enables the process to select roles and role passwords from a table, which it uses to build a string used in this statement:
  DBMS_SESSION.SET_ROLE(roles_to_enable);You could do the above in a database package that your form or forms call. Seems like if the security process was only executed from the package, you could produce a very secure system.

Similar Messages

  • What to Enter in Username,Password and Host String in SQL Plus 8.0??

    I downloaded Oracle Forms,Reports 6i.Along with it I got SQL Plus 8.0.Following
    are not working
    Username:scott
    Password:tiger
    Host String:Empty
    or
    Username :system
    Password:manager
    Host String:Empty
    I want to Know what to enter for Username,password and Host String.If i want to look in the TNSNAMES.ORS Plz Tell What to look for in it.

    Developer 6i is a client software, not database server. Ask the dba of the database, you are trying to connect, for valid userids/passwords/hoststrings.
    Werner

  • Report Manager 2008 r2 - prompts for username/password & does not accept

    Hi all,
    I am dealing with an extremely frustrating problem with Reporting Services 2008 r2, Report Manager, and would greatly appreciate any help.
    I have installed Reporting Services, with Report Manager, onto a Windows Server 2008 r2 install. 
    When loading Report Manager (http://server/reports), I get prompted for a username/password.
    No matter what I type in, I get prompted a 2nd time, then a 3rd time, then a blank screen loads up.
    @#$@#??!?!!
    How can I get past this username/password challenge - remember this is SQL 2008 r2 so IIS-based solutions are not relevant.
    Thanks again,
    Jason

    Hi Jason,
    Did you follow the solution i mentioned at another your thread
    http://social.technet.microsoft.com/Forums/en-US/sqlreportingservices/thread/4f3651cb-c608-4460-a45a-9337df2ab88a ? This is very common issue in SSRS 2008 and the solutons have been summarized at this blog
    http://blogs.msdn.com/b/lukaszp/archive/2008/03/26/solving-the-reporting-services-login-issue-in-the-february-ctp-of-sql-server-2008.aspx , and also applies to SSRS 2008 R2.
    Note:by using the default installation, the rsreportserver.config file is stored at C:\Program Files\Microsoft SQL Server\MSRS10_50.instance\Reporting Services\ReportServer
    please let us know the result.
    thanks,
    Jerry

  • Hard-coded playlist XML url into Flashvar?

    Hey All,
    So right now, I have a video player that pulls in all sorts
    of info (flv url, caption file url, video title, description,
    preview image, etc.) through an external xml file (playlist.xml).
    It works great, but I need to change the coding so it's not
    hard-coded into the FLA, rather from the embed code for the swf.
    Any idea how I can do this?
    Here's the chunk of AS3 code that's involved in the original
    loading of the XML data as well as the html text too.
    Thanks!
    Joe

    I tried the solution here:
    http://www.actionscript.org/forums/showthread.php3?t=185370
    But couldn't get it to work... Still looking.
    Joe

  • Submit Pdf form to http w/ credentials (username/password)

    Hi!
    I developed a form in Adobe LiveCycle, it has a button which submits form with attachments to http site.
    No coding involved, just configuration of the button.
    Http site requires credentials (username/password). How do I pass those credentials with submission?
    Can username/password be added to http header?
    Or I can excecute some javascript before submission?
    Thanks you!

    I got it working
    1. WS (in .net) must be asmx service. WS method accepting attachment should have string as a parameter, which will be passed as base-64 encoded string. So to save it as a file it has to be decoded first. I used byte[] ... = Convert.FromBase64String(yourstring).
    Keep in mind string <= 2GB
    2. In PDF file add WS service as Data Connection (File->New Data Connection ->WSDL File-> wsdl -> etc...). PDF will generate all WS parameters and a button to call WS. Drag and drop data connection on the form OR right mouse click -> generate fields OR set <connect> element of different controls as you wish to match data connection. Let's say control generated and binded to WS input string parameter is called "base64StringDocContent" (name = "base64StringDocContent") and button that submits to WS is called "submitAttachmentBtn" (name="submitAttachmentBtn").
    3. Javascript code to send attachment to WS:
    //access pdf form
    var formDom = event.target;
    //attachment id should be unique, can be anything you like
    var attachmentId = new Date().getTime() + "";
    //prompt user for document and get it
    var documentSelected = formDom.importDataObject(attachmentId);
    if (documentSelected == true){
         //user selected the document
         //get stream of the document (attachment)
         var inputStream = formDom.getDataObjectContents(attachmentId);
         //get new stream encoded as base64
         var vEncodedStream = Net.streamEncode(inputStream, "base64");
         //get string from the stream
         var sBase64 = util.stringFromStream(vEncodeStream);
         //get conrol which is binded to WS input parameter
         //my PDF form is called form1
         var wsInputParam = form1.resolveNode("$..base64StringDocContent");
         //get button which submits to WS
         var wsSubmitBtn = form1.resolveNode("$..submitAttachmentBtn");
         //assign attachment content (encoded string to input parameter)
         wsInputParam.rawValue = sBase64;
         //call click event of WS submit button
         wsSubmitBtn.execEvent('click');
         //done
         //if WS returns any value it will be assigned to control binded to output value of the web service.
    else{
         //user clicked Cancel
    4. Validation and try and catch should be added where/when needed.
    Hope it saves a couple of days for somebody.
    Good luck!!!
    I am still curious how to work with credentials doing http submission.
    If somebody has a solution please post it.

  • I run Dev 6i on Windows 2008 R2 64-bit,the forms are working fine after connection to the database but the reports continue to request for username, password and database connection string every time i try to open a report.

    I receive REP-0501: Unable to connect to specified database. I run developer 6i application on windows 2008 r2. I have applied the nn60.dll and nnb60.dll files to the \BIN directory. The forms are working fine. The reports will only display after the correct user id (username, password and database connection string) is supplied. This is happening to all attempts to open already complied form. Pls, help.

    If you are connecting to an Oracle 11g database, remember that by default the passwords are case sensitive. To disable that, run
    ALTER SYSTEM SET SEC_CASE_SENSITIVE_LOGON = FALSE;

  • Secure enough to write the db connection username password in form?

    Secure enough to write the db connection username password in form?
    Can anyone read the pdf form, extract the content or scripts from it?
    Thanks
    Asiye

    >Can anyone read the pdf form, extract the content or scripts from it?
    Always assume that.
    Aandi Inston

  • Forms Services: Invalid username/password when trying to use Forms Utility

    In Oracle Application Server Control, Forms Services, I clicked on Forms-> Forms Utility-> In the Command text field, I typed "ps" then I clicked <Submit>.
    A username/password form is displayed. I entered the username/password then clicked on OK button.
    The following error message appeared, although the username/password provided was for sure correct (they are the ones I used when I started the Oracle AS Control in the first place):
    Error: oracle.sysman.emSDK.emd.comm.RemoteOperationException Check the User Name and Password
    Also I got the same message when I tried to stop a session.
    Am I right that I should use the administrator username/password used to start the Oracle AS Control? If yes, why I am gotten this message?

    Frank,
    - user credential should be OS userid/password of user who installed iAS.
    I had tried to log on using OS userid/password.
    - set "Log on as a batch job" priviledge.
    privilege had been already assigned.
    - check if "allow service to interact with desktop" is enabled
    it had been already enabled.
    - If your system does not have MKS TOOLKIT, it won't work. However, this page is designed for future enhancement. See Online Help.
    1. What is MKS Toolkit?
    2. It is stated in the documentation that it will be enhanced in the future but the command "ps" should work. It is clearly stated that I should see a list of processes.
    Thanks Frank.
    Merry Christmas to you by the way.

  • How can I get the username and password from Oracle Forms to PJC !

    Dear Sir,
    I have username,password and push button fields in oracle forms. When user clicks the push button, I need to get username and password field contents to my Pluggable Java Program to authenticate the user trying to login. How can I get those text field contents to my java program..? Looking forward from you soon sir.
    Thanks in Advance,
    S Ramkumar

    I tried that trigger but nothing reflects. I write that method in WHEN_BUTTON_PRESSED trigger.
    In the form module I written,
    Set_Custom_Property('BL.USERNAME',1,'NAME','');
    Set_Custom_Property('BL.PASSWORD',1,'PASS','');
    Implementation class of the push button I gave my java class file name.
    In Java Code I tried register the form fields like,
    public static final ID userName = ID.registerProperty("NAME");
    public static final ID passWord = ID.registerProperty("PASS");
    In Java Code I tried get the contents from registered properties,
    public boolean setProperty(ID property, Object value) {
    if(property == userName) {
    System.out.println("Just I wish to see the name entered" + value.toString());
    if(property == passWord) {
    System.out.println("Just I wish to see the pass entered" + value.toString());
    But even System.out.println() is working.
    What's wrong with this code sir ???
    Can you tell me How to register and get those field values in Java ?

  • HARD CODED EMAIL MESSAGES FROM AN ORACLE FORM

    I have SMTP code in a WHEN-BUTTON-PRESSED TRIGGER which will preformat the recipient line, the courtesy copy line, the subject line, and a hard coded email message and then send the email to another co-worker inhouse in our organization whenever a user would press a button on an ORACLE FORM.
    Would this same code be useful if the user wanted to send an email to another user in another organization millions of miles away? Do I have to be concerned about how the email system is set up in the other organization and code the program specifically for that particular organization? Here is the code that I am using.
    PROCEDURE SEND_INFO
    Sender varchar2 := :SUPPLY_REQUEST.NAME,
    Recipient varchar2 := :SUPPLY_REQUEST.SENDNAME,
    Recipient4 varchar2 := :SUPPLY_REQUEST.OTHNAME4,
    Ccrecipient varchar2 := ' ',
    Subject varchar2 := 'TODAY IS ANOTHER DAY OF YOUR LIFE',
    Message varchar2 := 'IS THIS IS A GOOD DAY ?'
    ) IS
    crlf Varchar2(2) := CHR(13)||CHR(10);
    connection utl_smtp.connection;
    Mailhost Varchar2(30) := 'erecemh1-bh.erec.army.mil';
    header VARCHAR2(1000);
    BEGIN
    connection := utl_SMTP.open_connection(mailhost);
    header := 'Date: '||TO_CHAR(NEW_TIME(SYSDATE,'EST','GMT'),'fm DD MON YY HH24:MI:SS AM')||crlf||
    'From: '||sender||' '||crlf||
    'To: '||recipient||','||recipient4||crlf||
    'CC: '||ccrecipient||crlf||
    'Subject: '||subject;
    utl_SMTP.helo(connection, mailhost);
    utl_SMTP.mail(connection, sender);
    utl_SMTP.rcpt(connection, recipient);
    utl_SMTP.rcpt(connection, recipient4);
    utl_SMTP.open_data(connection);
    utl_SMTP.write_data(connection, header||crlf);
    utl_SMTP.write_data(connection, crlf ||message|| crlf);
    utl_SMTP.close_data(connection);
    utl_SMTP.quit(connection);
    EXCEPTION
    WHEN UTL_SMTP.INVALID_OPERATION THEN
    DBMS_OUTPUT.PUT_LINE('INVALID OPERATION IN SMTP TRANSACTION.');
    WHEN UTL_SMTP.TRANSIENT_ERROR THEN
    DBMS_OUTPUT.PUT_LINE('tEMPORARY PROBLEMS WITH SENDING EMAIL - TRY AGAIN LATER.');
    WHEN UTL_SMTP.PERMANENT_ERROR THEN
    DBMS_OUTPUT.PUT_LINE('ERRORS IN CODE FOR SMTP TRANSACTION');
    END;
    In another step of the program, I have initialized the variables:
    SUPPLY_REQUEST.NAME to '[email protected]'
    SUPPLY_REQUEST.OTHNAME4 to '[email protected]'
    SUPPLY_REQUEST.SENDNAME to '[email protected]'

    Would this same code be useful if the user wanted to send an email to another user in another organization millions of miles away?
    Depends on your mail server. If your mail server allows email to be sent out of your organization, then yes, you can email to another organization millions of miles away (or further).
    Do I have to be concerned about how the email system is set up in the other organization
    Generally, no. However they can set up their system to block emails coming from a certain address.
    and code the program specifically for that particular organization?
    Nope, just make sure you have their correct email address.

  • Form-based authentication stores the username/password pair in the session

    Hello,
    I am following the SR Demo and the authentication method followed is
    Form-based authentication stores the username/password pair in the session
    In the URl, the username and password is in clear text format.
    What is the best way of doing the authentication. How can I eliminate the username and password being shown in the URL?
    Any help is highly appreciable.
    Thanks

    Hi,
    this is how form based authentication works according the specs. You can use SSL to protect the communication, use BASIC authentication (though not much better), certificate based auhentication or SSO
    Frank

  • How do I setup Forms not to ask RAD username/password when opening a form

    Good day
    I have setup oid and sso and they work I can sign on to database with an oid user using sqlplus.
    If I set SsoDynamicResourceCreate=true and enter the user id and password in at the popup it works correct and won’t even ask it again
    What I want to know how can set portal to use a RAD/DAS without prompting for a username password.
    We need to do this for all +/- 30000 users and if so how do we do it pragmatically.
    I think because I don’t have much APPS experience I basically don’t know where this must be set globally
    APPS is version 10.1.2
    Regards
    Cliff
    Message was edited by:
    cliffnel

    Got solution in metalink note 262686.1
    Goto <infrastructure :port>/oiddas
    Click Configuration Tab
    Click Preference Tab
    Create Default RAD for database

  • Some username/password forms are not filled nor give a selection.

    One some websites (most recently https://tinkercad.com) FF does not give me a selection of my saved username/password combination on the sign in screen.
    It works fine on most of my other sites, like a roundcube installation or any of the dozens of other sites requesting login/password, even the ones with autocomplete=off which I removed using a bookmarklet.
    As I'm using both throwaway mailaddresses and randomly generated passwords, the save password function is essential for me. How can I make it work with tinkercad.com?

    Hello,
    '''Try Firefox Safe Mode''' to see if the problem goes away. Safe Mode is a troubleshooting mode, which disables most add-ons.
    ''(If you're not using it, switch to the Default theme.)''
    * You can open Firefox 4.0+ in Safe Mode by holding the '''Shift''' key when you open the Firefox desktop or Start menu shortcut.
    * Or open the Help menu and click on the '''Restart with Add-ons Disabled...''' menu item while Firefox is running.
    ''Once you get the pop-up, just select "'Start in Safe Mode"''
    '''''If the issue is not present in Firefox Safe Mode''''', your problem is probably caused by an extension, and you need to figure out which one. Please follow the [[Troubleshooting extensions and themes]] article for that.
    ''To exit the Firefox Safe Mode, just close Firefox and wait a few seconds before opening Firefox for normal use again.''
    ''When you figure out what's causing your issues, please let us know. It might help other users who have the same problem.''
    Thank you.

  • Button on Form to Update a specific field with hard coded data

    Hi Guys,
    This will probably be a nice a simple issue for you guys, but I have ben struggling on how to do this for hours!
    On my form created by a report I have a field called status that is pulling the data from the order_status column contained in the customer_orders table.
    What I am looking to do is to create a button on the form that once clicked will change the order_status to "Complete" and update the customer_orders table.
    I have attempted to do this by creating the button and also a proccess on the page, and have assigned the button to the process
    I have set the process as PL/SQL and have entered the following code:
    BEGIN
    UPDATE customer_orders
    SET order_status='Complete'
    WHERE customer_order_id =:P7_customer_order_id;
    END;
    However when I click on the button, the page just refreshes and the field has not been amended!
    Please Help
    Thanks
    kev

    I don't know of any example apps containing that off-hand. I've done this sort of thing several times before, but also can't post them as-is on apex.oracle.com due to sensitivity.
    I can tell you the steps I would follow:
    1) Create a button - in a region position or among region items - doesn't matter. If doing it as a button in a region position it will submit as the button name; if doing it as a button among region items it will submit as the button label.
    2) Create a PL/SQL after-submit process (On Submit - After Computations and Validations). Put the PL/SQL code in for the process (your update code looked fine to me, syntax-wise at least). Continue on in the process wizard and when it gets to where it wants to know if there is a condition, see the dropdown When Button Pressed - you'll want to select the button from step 1.
    3) Then, depending on what you want it to do next you would provide a branch - it could be a branch back to the same page refreshing the data with the new status or move on to another page.
    Are these the steps you followed?
    Hope this helps,
    John

  • Authentication Scheme with Username / Password stored in App Table

    Hi all,
    Up to now all of our applications have used SSO authentication, but I now need to step away from this to allow users from outside our organisation (and therefore not in our OID system) to use one specific application.
    I therefore have a table in my application that stores username and password. I have a function that compares the entered username and password to this table and returns a boolean result. This function is then registered in my Authentication Scheme as the Authentication function.
    All this works well and is causing no problems. The problem is that the password is stored and checked in plain text - obviuosly not very good.
    How do I go about changing the password column in my table, the pages that allow this password to be set and updated and the authentication function that checks the username / password to use some form of encryption?
    Also, do I need to be worrying about all the other fields (Page Sentry Function,Session Verify Function, Pre-Authentication Process etc) that the Authentication Scheme offers me - or can I just leave these blank as they are now.
    If someone can give me a complete 'out-of-the-box' solution that would be wonderful - otherwise a good hard pusj int he right direction would be much appreciated.
    Many thanks,
    Martin

    Hello Martin,
    If you check out the Discussion Forum application here, you should find the information you need. This app stores an encrypted version of the user's password in the table.
    http://www.oracle.com/technology/products/database/application_express/packaged_apps/packaged_apps.html#FORUM
    Good luck,
    Don.
    You can reward this reply by marking it as either Helpful or Correct :)

Maybe you are looking for