Hide connection string in url
hi all
when i open form from another one the connection string that contain
user name & password appears in url
this in applicaion server10g
Hi Frank,
It seems to me that his user's can login without nothing just type in the URL and that is it.
I think the best way is just to force user's to type in userid & passwrod
userid=/@ your oracle_sid
Regards,
Hamdy
Similar Messages
-
How do you hide the query string in the URL?
Have you tried urlencoding and encrypted copy of the string
and then unencoding if necessary and decrypting on the next page.
You will need to use a preserve quotes function within the cfquery
to keep the single quotes. -
Hide DB Connect- String or use alias?
Hello,
maybe the question is answered anywhere, but i found nothing. Maybe i am just to stupid??
I call a report from an external application with an url like these:
http://servername.com/reports/rwservlet?desformat=pdf&server=report_servername&report=reportname.rdf&userid=dbuser/password@database&destype=cache¶meter1=50114000
So, now i want to hide the database- connect- string somehow. Maybe i have to use an alias.
But where i can specify an alias?
So, i want the url looks like that:http://servername.com/reports/rwservlet?desformat=pdf&server=report_servername&report=reportname.rdf&userid=alias1&destype=cache¶meter1=50114000
Is these possible??
Thanks a lot for fixes or suggests.
Greets
FlorianHi,
Use the method as post.
Nothing will be exposed in the URL.
Is it nesseary to show the values in the URL ?
Regards,
Vijay.B -
ISQL*PLUS dynamic reports - how to pass connect string in the URL
When we run dynamic reports thru ISQL*PLUS, does anyone know how
to pass the connect string info in the URL
The following is the code from ISQL*PLUS users guide but it
dosen't show how to pass the connect string
when I tried to pass hr/your_secret_password@dbserver for userid
I got an error msg
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<HTML>
<HEAD>
<TITLE>iSQL*Plus Dynamic Report</TITLE>
</HEAD>
<BODY>
<H1>iSQL*Plus Report</H1>
<H2>Query by Employee ID</H2>
<FORM METHOD=get ACTION="http://host.domain/isqlplus">
<INPUT TYPE="hidden" NAME="userid"
VALUE="hr/your_secret_password">
<INPUT TYPE="hidden" NAME="script"
VALUE="http://host.domain/employee_id.sql">
Enter employee identification number: <INPUT TYPE="text"
NAME="eid" SIZE="10">
<INPUT TYPE="submit" VALUE="Run Report">
</FORM>
</BODY>
</HTML>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks
JayThe form you use should work when your change
"hr/your_secret_password" to a valid username, password
and connect identifier like "hr/hr@MYDB". Don't forget to
configure MYDB in your tnsnames.ora file on the machine that has
the iSQL*Plus server.
What was the error you got?
The full URL syntax did seem to go missing from the 9.0.1 doc.
See below for the full syntax. This should be appearing in a
forthcoming FAQ.
- CJ
What syntax can I use to run an iSQL*Plus Dynamic Report?
You can run a dynamic report by entering the report URI in the
location field of your browser, or by making the report server a
link or the action for an HTML form. The iSQL*Plus 9i Release 1
documentation has examples of these.
The general syntax for running a dynamic report is:
{uri}?[userid=logon&]script=location[¶m...]
where uri
Represents the Uniform Resource Identifier (URI)
of the iSQL*Plus Server, for example:
http://host.domain/isqlplus
where logon
Represents the log in to the database to which you
want to connect:
{username[/password][@connect_identifier]}
where location
Represents the URI of the script you want to run.
The syntax is:
http://[host.domain/script_name]
The host serving the script does not have to be
the same as the machine running the iSQL*Plus server.
where param
Specifies the named parameters for the script you
want to run.
Named parameters consist of varname=value pairs.
iSQL*Plus will define the variable varname to equal value prior
to executing the script e.g.
...script=http://server/s1.sql&var1=hello&var2=world
This is equivalent to the SQL*Plus commands:
SQL> define var1=hello
SQL> define var2=world
SQL> @http://server/s1.sql
iSQL*Plus, SQL*Plus and SQL keywords are reserved
and must not be used as the variable names (varname). Note also,
that since variables are delimited by the ampersand character,
there is no requirement to enclose space delimited values with
quotes. However, to embed the ampersand character itself in the
value, it will be necessary to use quotes.
For compatibility with older scripts using the &1
variable syntax, varname may be replaced with the equivalent
variable position as in:
...script=http://server/s1.sql&1=hello&2=world
Note the & is the URL parameter separator and not
related to the script's substitution variable syntax.
Commands and script parameters may be given in any
order in the dynamic report URI. However, please note that if any
parameters begin with reserved keywords such as "script" or
"userid" then it may be interpreted as a command rather than a
literal parameter. -
Can I encrypt or hide the external data connections string in Excel for Mac?
When I connect Excel to an external database like Oracle or MySqL is there a way to encrypt or hide the connection string in the Mac version of Excel?
Sounds like an Excel question for the Microsoft forums.
http://answers.microsoft.com/en-us/mac?auth=1 -
FDM Data import from EBS failed via FDMEE after roll back the 11.1.2.3.500 patch . Getting below error message in ERPI Adapter log.
*** clsGetFinData.fExecuteDataRule @ 2/18/2015 5:36:17 AM ***
PeriodKey = 5/31/2013 12:00:00 AM
PriorPeriodKey = 4/30/2013 12:00:00 AM
Rule Name = 6001
Execution Mode = FULLREFRESH
System.Runtime.InteropServices.COMException (0x80040209): Error connecting to AIF URL.
at Oracle.Erpi.ErpiFdmCommon.ExecuteRule(String userName, String ssoToken, String ruleName, String executionMode, String priorPeriodKey, String periodKey, String& loadId)
at fdmERPIfinE1.clsGetFinData.fExecuteDataRule(String strERPIUserID, String strDataRuleName, String strExecutionMode, String strPeriodKey, String strPriorPeriodKey)
Any help Please?
ThanksHi
Getting this error in ErpiIntergrator0.log . ODI session ID were not generated in ODI / FDMEE. If I import from FDMEE its importing data from EBS.
<[ServletContext@809342788[app:AIF module:aif path:/aif spec-version:2.5 version:11.1.2.0]] Servlet failed with Exception
java.lang.RuntimeException
at com.hyperion.aif.servlet.FDMRuleServlet.doPost(FDMRuleServlet.java:76)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:57)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3730)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221) -
Connection string to insert data to Oracle DB
Hay guys,
Now I am facing the problem to insert data to the oracle db. I already connect the db to my netbeans service tag & also found the db & tables. But does not know how to insert, delete etc from my JSF pages. I send my JSF code. You guys tell me in which position in the code I will set the connection string, as well as the pattern of connection string. You guys found that I add a button name "show". I want that when I press the "show" button then the relative data will show in the corresponding textfield. I would like to mention that my database server ip is "192.168.56.2". And my netbeans installed pc's ip is "192.168.56.1". My oracle SID is "orcl", user name: "Asystem", Password: "abc123", and the table I want to access is "user_info". Please guys help me.....
THE CODE OF MY JSF PAGE IS TO:
<?xml version="1.0" encoding="UTF-8"?>
<!--
Document : Page1
Created on : Feb 15, 2010, 10:33:41 PM
Author : Taibur
-->
<jsp:root version="2.1" xmlns:f="http://java.sun.com/jsf/core" xmlns:h="http://java.sun.com/jsf/html" xmlns:jsp="http://java.sun.com/JSP/Page" xmlns:webuijsf="http://www.sun.com/webui/webuijsf">
<jsp:directive.page contentType="text/html;charset=UTF-8" pageEncoding="UTF-8"/>
<f:view>
<webuijsf:page id="page1">
<webuijsf:html id="html1">
<webuijsf:head id="head1">
<webuijsf:link id="link1" url="/resources/stylesheet.css"/>
</webuijsf:head>
<webuijsf:body id="body1" style="-rave-layout: grid">
<webuijsf:form id="form1">
<webuijsf:textField id="textField1" style="left: 168px; top: 72px; position: absolute"/>
<webuijsf:button actionExpression="#{Page1.button1_action}" id="button1"
style="left: 239px; top: 264px; position: absolute; width: 96px" text="Show"/>
<webuijsf:textField id="textField2" style="left: 168px; top: 96px; position: absolute"/>
<webuijsf:textField id="textField6" style="left: 168px; top: 192px; position: absolute"/>
<webuijsf:textField id="textField3" style="left: 168px; top: 120px; position: absolute"/>
<webuijsf:textField id="textField4" style="left: 168px; top: 144px; position: absolute"/>
<webuijsf:textField id="textField5" style="left: 168px; top: 168px; position: absolute"/>
<webuijsf:textField id="textField7" style="left: 168px; top: 216px; position: absolute"/>
</webuijsf:form>
</webuijsf:body>
</webuijsf:html>
</webuijsf:page>
</f:view>
</jsp:root>im not sure if you can make a query directly from your jsf,
but its a better practice to do that in your backing bean -
Problem in JDBC-SQL Server connection string
Anyone could help me to write proper connection string using JDBC with SQL Server 2000. The descp:
Server name: CD
databaseName: songs
Using Window NT authentication.
I dont know whether to include username and password.
When I executed the statement below:
DriverManager.getConnection("jdbc:microsoft:sqlserver://CD:1433;databaseName=songs");
Recieved error: [Microsoft][SQLServer 2000 Driver for JDBC]Error establishing socket
Plz help!! Thank you very much.Look at the URl below:
How to connect to Microsoft SQL server with Type 4 JDBC driver
http://www.java-tips.org/content/view/615/29/ -
Connection String with Crystal Report XI R2
Hello,
I am having an issue with Crystal Reports XI R2 and figured this would be a good place to start and post my question.
I created a report in Crystal Reports XI and am now trying to pass the user id and password so that the user can just run the report. I attempted to use the Crystal Report connection string setup but receive an Microsoft ODBC error when trying to use that.
My question is how can you pass a userid and password to crystal report XI so that when you open the report it runs without prompting the user? I do not have access to .NET. Can this be done using Crystal Reports XI only?
Thanks in advance for your help
ShaunHi Shawn,
Standalone CR can only do that if using a URL to open a report in BOE.
For CR Designer itself the only option is to turn on Trusted Authentication in your Server, used Mixed mode and then import all of your users into SQL Server. Refer to MS's Help file on how to.
Now when the user runs the reports CR will simply pass the local user info to SQL Server and no prompting will be required. We still respect DB security so if the user is not allowed to access the table then CR respects that.
Thank you
Don -
How do you detect url redirects when connecting to a URL
how do you detect url redirects when connecting to a URL?
Thanks in advance
stevHai
(i) If it a jsp we can get the URL by request object.
Like
String url = request.getHeader("Referer");
u can do it in Servlet aslo by request object variable.
If this explanation is not ok, Explain ur doubt in more briefed Manner -
JDBC connection string to an MS Access DB
Hello,
I was searching for a package that will allow me to do
a JDBC connection to an MS Access DB. I found out about RMIJDBC, but I am not sure what I need to specify as my connection string. In SQL Server you usually give a url as well, but how about MS Access?
How do you do a connection??
Thank you for your help!
-Lia-Why not using the Jdbc/Odbc driver with the Odbc connection of MS Access ? The driver name is "sun.jdbc.odbc.JdbcOdbcDriver" and the URL is something like "jdbc:odbc:myAccessOdbcName".
Of course, this is not the fastest driver, but it is provided in standard with the JDK.
Matthieu -
Is there any way to use a global connection string variable for mysql database.
Currently there are some servlets in my web project.say ,
Servlet_1
Servlet_2
Servlet_3
Now i have to add these lines for each and every servlet to connect with mysql.
String driver = "org.gjt.mm.mysql.Driver";
String url= "jdbc:mysql://localhost/my_db?user=root&password=dba";apart from that if there is a way to create a global connection string servlet or class i can reuse it with my application.
please let me know how to do this.Ok this my Class for connection string.
package org.me.AuthAdmin;
public class ConString
public ConString()
String driver = "org.gjt.mm.mysql.Driver";
String url= "jdbc:mysql://localhost/my_db?user=root&password=dba";
}Please help me on this. i really don't know what to do here after.
package org.me.AuthAdmin;
import java.io.*;
import java.net.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;
import org.me.AuthAdmin.ConString;
public class AuthAdmin extends HttpServlet
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
String postUserName = request.getParameter("txt_un").trim();
String postUserPwd = request.getParameter("txt_pwd").trim();
String db_user_name=null;
String db_user_pwd=null;
try
//String driver = "org.gjt.mm.mysql.Driver";
// String url= "jdbc:mysql://localhost/my_db?user=root&password=dba";
Class.forName(driver).newInstance();
Connection con=DriverManager.getConnection(url);
Statement stmt=con.createStatement();
String qStr="SELECT * FROM sysusers WHERE user_name = '"+postUserName+"' AND user_pwd = '"+postUserPwd+"'";
ResultSet rst=stmt.executeQuery(qStr);
while(rst.next())
db_user_name = rst.getString("user_name");
db_user_pwd = rst.getString("user_pwd");
catch(Exception e)
throw new ServletException(e);
if( (postUserName.equals(db_user_name)) && (postUserPwd.equals(db_user_pwd)))
response.sendRedirect("panel.jsp");
}else
response.sendRedirect("error.jsp");
} -
Hiding password on the connection string
Hi,
Am trying to see if it is possible to hide password on the connection string when connecting from the application server. I can see one way of doing this, that is to use Oracle's OS Authentication. But because my Oracle is installed on Unix and my application server is on Windows 2000. I am not sure if this is possible?
Has any done something similar before?
ThanksThe problem with using a single sign-in product like Kerberos is I believe the Advanced Security Option is required. The ASO is an additional license fee.
Having the password in a file does not have to be a major security problem. Have a set of common logon modules created, one for each language in use, and have the module contain the logic to fetch the key.
This way the file name and path to the key is not obvious. Then have the premissions set so that only the ID that runs the production batch can read the file. Neither the customers or the developers should have access to that ID.
Unfortunately while this works for works batch ran out of products like Unicenter and application server based applications this technique does not work very well for cleint server applications. Client server based applications really need every user to have to sign-in with their own id.
If every user does not have their own id and it is undesirable to hard code the userid/password into the application then you are back to getting the password from an unsecured external source. Having the common module to do the fetching at least makes someone work to find the ID/password. Any Id used in this manner should have limited access in the database which means you might have two, three, or more such ID's setup but with each having access to the tables behind only specific applications.
HTH -- Mark D Powell -- -
Where to Hard Code the Connection String.....
Hi,
We just give the url to the user and when the user clik it.
The Application form login will appear and user should login before they
can use the system.
When our DBA setup in the production they give us the url and
when I click it the Database login screen appear before it goes to
the Application form login.
My problem is how to bypass that Database Login Screen and where to hardcode
the connection string in which file in the server.
Thanks.
Regards,
JunWe are hardcoding the userId (Connection) details in the formsweb.cfg, wil it create any issues to our security system.
From the application link, i couldnt get the userid details, as all the other
details like
serverArgs="escapeParams=true module=frm_login.fmx userid= sso_userid=%20 sso_formsid=%25OID_FORMSID%25 sso_subDN= sso_usrDN= debug=no host= port= buffer_records=no debug_messages=no array=no obr=no query_only=no quiet=yes render=no record= tracegroup= log= term=D:\Applns\OracleForms\forms\fmrweb_.res"
separateFrame="true"
splashScreen="no"
background="no"
lookAndFeel="Oracle"
colorScheme="blue"
serverApp="default"
logo="false"
imageBase="codebase"
formsMessageListener=""
recordFileName=""
EndUserMonitoringEnabled=""
EndUserMonitoringURL=""
heartBeat=""
were visible (view Source) but userid= sso_userid=%20, i think this points to
basejini.htm, which doesnt contain the userid details ..
am i correct .. please render your thoughts over this.
Many Thanks
Deepa
Message was edited by:
Deepa.ibs -
Where to place safely connection string
Dear all,
I have build a desktop application which use actually an SQL server express 2008 R2 database accessible from the application through WCF endpoints. WCF endpoint are hosted in a Windows Service and contain the necessary connection string as Windows Authentication
so far.
We are now study the possibility to move our database to SQL azure in a simple manner. For that we have 2 possiblities
1 - The Windows Service host for WCF services for database connection remain local the to the PC running the application and then we change the connection string authentication method to SQL authentication but then user and password will be clearly visible
in config file
2 - We move the WCF service host somewhere in Azure but I guess it will be extra cost because they can be quite many hit to those end point due to the quantity of data the application may require
3 - Is there an other way to hide the connection string in Azure ?
Thnaks for info on the best solution to go
regardsHello,
Based on your description, you can try to
encrypt or decrypt sections of web configuration file.
You can refer to Wayne Walter Berry 's blog to understand how to encrypt web.config:
Securing Your Connection String in Windows Azure: Part 1
Securing Your Connection String in Windows Azure: Part 2
Securing Your Connection String in Windows Azure: Part 3
Securing Your Connection String in Windows Azure: Part 4
Regards,
Fanny Liu
Fanny Liu
TechNet Community Support
Maybe you are looking for
-
Can i use safari with a windows 7 starter laptop?
Can I use Safari on a laptop running Windows 7 Starter?
-
Accessing Time Capsule shared drive from Vista
When running Vista in Bootcamp on my late 2008 Macbook Pro, I can see the shared network drive on the Time Capsule, but when I try to access it it just freezes Windows Explorer and I have to forcibly terminate the explorer process. Is there a trick t
-
What cord to connect Airport Express to dsl box
What type of cord connects the Airport Express to the dsl box?
-
Facebook is suddenly a white page!
For some reason, when I log into Facebook, it's now a blank white page where the Timeline is supposed to be. It works fine on my wife's computer, so it must be my Safari. Help! Thanks in advance!
-
Possible to disable audio during video recording? On 5th gen nano.
I'd like to use the video camera to record picture only. Is there some way to disable the audio? Does plugging in a microphone to the audio jack disable the onboard mic? Thanks.