Hide username and password
Dear all ,
I am using 10g Application server .
How can i hide username , password and connect strig while running report on web by web show document ?
one alternative solution for hiding username and password is
u can use frames.
all u hav to do is the connection code should be written in the frame.
cal this frame from where u hav to cal the report.
Similar Messages
-
Hide username and password while calling Oracle reports from forms11g
Is there any other methods to hide the username and password other than define keymapping in CGICMD.DAT file in oracle forms 11g.
Hope fully following code of procedure will eliminate the username and password.
PROCEDURE RUN_REPORT_OBJECT_PROC(
report_format VARCHAR2,
report_destype_name NUMBER,
report_file_name VARCHAR2,
report_otherparam VARCHAR2) IS
report_message VARCHAR2(1000):='';
rep_status VARCHAR2(1000):='';
vjob_id VARCHAR2(4000):='';
hidden_action VARCHAR2(7000):='';
v_report_other VARCHAR2(4000):='';
i number;
c char;
c_old char;
c_new char;
report_id REPORT_OBJECT;
report_server_name VARCHAR2(100); --Report Server Name
report_dest VARCHAR2(100); --Report Destination
reports_servlet VARCHAR2(100); --Report URL
report_path varchar2(100);
v_port varchar2(10);
BEGIN
reports_servlet := 'http://localhost:7778'/reports/rwservlet';
report_path := report_dest||report_file_name;
report_id:= find_report_object('rep_obj');
SET_REPORT_OBJECT_PROPERTY(report_id,REPORT_COMM_MODE,SYNCHRONOUS);
SET_REPORT_OBJECT_PROPERTY(report_id,REPORT_FILENAME,report_path);
SET_REPORT_OBJECT_PROPERTY(report_id,REPORT_SERVER,report_server_name);
SET_REPORT_OBJECT_PROPERTY(report_id,REPORT_DESTYPE,report_destype_name);
SET_REPORT_OBJECT_PROPERTY(report_id,REPORT_DESFORMAT,report_format);
hidden_action := hidden_action ||'&report=' ||GET_REPORT_OBJECT_PROPERTY(report_id,REPORT_FILENAME);
hidden_action := hidden_action ||'&destype=' ||GET_REPORT_OBJECT_PROPERTY(report_id,REPORT_DESTYPE);
hidden_action := hidden_action ||'&desformat='||GET_REPORT_OBJECT_PROPERTY(report_id,REPORT_DESFORMAT);
hidden_action := hidden_action ||'&userid=' ||GET_APPLICATION_PROPERTY(username)||'/'||
GET_APPLICATION_PROPERTY(password)||'@'||
GET_APPLICATION_PROPERTY(connect_string);
c_old :='@';
FOR i IN 1..LENGTH(report_otherparam) LOOP
c_new:= substr(report_otherparam,i,1);
IF (c_new =' ') THEN
c:='&';
ELSE
c:= c_new;
END IF;
-- eliminate multiple blanks
IF (c_old =' ' and c_new = ' ') THEN
null;
ELSE
v_report_other := v_report_other||c;
END IF;
-- save current value as old value
c_old := c_new;
END LOOP;
hidden_action := hidden_action ||'&'||v_report_other;
hidden_action := reports_servlet||'?_server='||report_server_name||hidden_action;
SET_REPORT_OBJECT_PROPERTY(report_id,REPORT_OTHER,'pfaction='||hidden_action||' '||report_otherparam);
report_message := run_report_object(report_id);
rep_status := report_object_status(report_message);
IF rep_status='FINISHED' THEN
vjob_id :=substr(report_message,length(report_server_name)+2,length(report_message));
WEB.SHOW_DOCUMENT(reports_servlet||'/getjobid'||vjob_id||'?server='||report_server_name,' _blank');
ELSE
null;
END IF;
END; -
URL reporting - Hide username and password
Hi all,
I am trying to display a report when a link is clicked by a user,I know this can be achieved by URL reporting.But any one who trys view the source of the file will be able to get the login information(aps-username/aps-password) from the file or they can view this info in the address bar.Is there any way of hiding this information?
Thanks
Manoj
Edited by: Manoj Thomas on Oct 9, 2009 4:23 PMWell, you can hide logon credentials by passing the logon token to the APSTOKEN command in the URL.The other way is to use OpenDocument to view a report.
In both the cases you need to get the logon token programatically and then pass it on to the paramater. This way you can hide the credentials.
I assume that you have already gone through the following PDF:
[http://help.sap.com/businessobject/product_guides/boexir31/en/xi3-1_url_reporting_opendocument_en.pdf]
I have used it in my project and it works. -
How to Hide username and password in command line using maxl
Hi,
How to encript my user name and password in command line prompt when I am login to Essbase server using batch file:
*1_Here is my batch file:*
Name of the bat file AV_Assig_Var1.bat
rem This batch file defines the following variables:
set $1 = 'admin';
set $2 = 'password';
essmsh AV_Asig1.mxl admin password
===========================
*2_Here is my maxl file:*
Name of the bat file AV_Asig1.mxl
/* Create a process log */
spool on to 'D:\lova\spool_log.txt';
/* login (using variables from a batch file */
login $1 $2 on 10.42.100.229;
/* create application and database */
create application AV_Asig1;
create database AV_Asig1.AV_DB;
/* End process log */
spool off;
exit;
*3_Command line prompt*
D:\Ess>AV_Assig_Var1.bat
D:\Ess>rem This batch file defines the following variables:
D:\Ess>rem 1: username
D:\Ess>rem 2: password
D:\Ess>essmsh AV_Asig1.mxl admin password
Essbase MaxL Shell - Release 9.3.1 (ESB9.3.1.0.0A181)
Copyright (c) 2000, 2007, Oracle and/or its affiliates.
All rights reserved.
MAXL> login admin password on *10.46.100.222*; /* I want to hide this information */
OK/INFO - 1051034 - Logging in user [admin].
OK/INFO - 1051035 - Last login on Monday, June 14, 2010 12:44:03 PM.
OK/INFO - 1241001 - Logged in to Essbase.
MAXL> create application AV_Asig1;
OK/INFO - 1051061 - Application AV_Asig1 loaded - connection established.
OK/INFO - 1054027 - Application [AV_Asig1] started with process id [6792].
OK/INFO - 1056010 - Application AV_Asig1 created.
MAXL> create database AV_Asig1.AV_DB;
OK/INFO - 1054014 - Database AV_DB loaded.
OK/INFO - 1056020 - Database AV_Asig1.AV_DB created.
MaxL Shell completed
D:\Ess>
I am looking forward to inputs from anybody.
Thanks & Regards,
Deepthi.Beyond that thread, I gave a presentation at Kaleidoscope last year around MaxL that goes into quite a bit of depth re encryption and a whole bunch of other MaxL goodies.
To download it, go to www.odtug.com, click on Tech Resources, Essbase/Hyperion, and use the search box for MaxL.
There are two presentations, one by Tracy McMullen and the other by me. Tracy's is a good introduction to the various command groups; my presentation focused on a few areas in depth, one of which was encryption. The title is "Master Essbase with MaxL Automation".
You will need to join ODTUG to download the presentation, but there is a junior membership that is free.
Regards,
Cameron Lackpour
P.S. ODTUG Kaleidoscope 2010 is coming up in two weeks, starting on 27 June 2010 -- for those of you still on the fence, it is an awesome conference and I urge you all to come. The content this year will be fantastic. -
Hide workspace username and password in link connection
I'd like create short icon connect to workspace; I'd like to have workspace, username and password in URL, instead of typing everytime;
I know that appliction is 4550; How to pass workspace, username and password
Thanks MByou may change the userID/ passwd from menu or create conn segment for each of the userID/ passwd combination .
-
Hey I have been really wanting to add an interface were users can create multiple usernames and passwords on my iweb page instead of the password protect feature that only allows 1 username and pass. is this possible?
You create .htaccess with a text edit application. It's a file with rules for the folder you place it in your server. First off you need to create the file. Since files that start with a "." (period) are hidden OS files in OSX they can not be created in Text Edit. I use TextWrangler to create a text file and save as .htaccess to the Desktop which can then be uploaded to a folder on your host to create rules for the directory its placed in.
After the file has been saved as .htaccess you will not see it on your Desktop since files that begin with "." are hidden by default in OSX. You can create an automator workflow finder action that uses terminal to display and hide files that begin with "." look here for more info.
Then check out some different codes you can insert into the .htaccess file. Usually searching Google for desired_feature .htaccess will find what you're looking for. For instance if you search for password protection .htaccess like this then you can find the code and method for creating a password-protected site using .htaccess
I've never used .htaccess for iDisk and can't say for sure if it's supported for iDisk - EDIT: actually I just tried and it isn't. I should've known this already. In which case if you're using MobileMe you're left at the mercy of their available features. Sorry, man. Time to switch hosts which allow for more dynamic features?
So now the drumroll question... Where are you hosting your site? You hinted MobileMe but it's not certain. Where you host depends on what programming features, if any, are available. -
Hiding Username and Password in Web Report URL
Hi there,
I am calling a report from my webforms using the WEB.SHOW_DOCUMENT built-in. The problem is that when using this, when the report or the parameter form is being displayed on the browser, the username and password is also displayed on the browser's URL bar with other report parameters.
Is there any way to surpress or hide the username and password? Please help as this raises some security issues.First off make sure your form
logs on using an ON-LOGON trigger
using the logon built in. Inside
a form level ON-LOGON trigger put the
following code (i.e.)
logon('username','password@database');
The password and database are concatenated together.
Then you can call reports without
puting the username and password in the
URL. Here are two examples.
web.show_document (i.e.)
web.show_document('URL_HERE','_blank');
or via a run_product (i.e)
Run_Product(REPORTS,'admin_req_snapshot',SYNCHRONOUS, RUNTIME, FILESYSTEM,plist,NULL);
<BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR>Originally posted by hkpang ([email protected]):
Hi there,
I am calling a report from my webforms using the WEB.SHOW_DOCUMENT built-in. The problem is that when using this, when the report or the parameter form is being displayed on the browser, the username and password is also displayed on the browser's URL bar with other report parameters.
Is there any way to surpress or hide the username and password? Please help as this raises some security issues. <HR></BLOCKQUOTE>
null -
I am want to keep AdminCredential as a parameter in VM Role Authoring Tool but I do not want user to be able to able to provide the password. As an Enterprise, we have a password policy that we use for Admin Password. The reason i want to keep it as an parameter
is because if we ever decide to change the policy, i do not have to go back and change it at 100 places it was used. I just change the parameter value and it gets applied everywhere.
This is what i have tried so far:
I added the AdminCredential parameter in the separate category. I made
Configurable to No and provided DefaultValue
in the format Administrator:Password1 in the parameter and imported the definition in the Admin Portal. Now Administrator:Password1 shows up in the username field and password is still editable.
In short, if possible, i do not want users to see the AdminCredential parameter. If i cannot hide the parameter, i want to disable username and password fields and provide hard coded value for it.
Is there a way to achieve what i am trying to do?The assumption with Azure Pack is that the OS is Server and the OS has been generalized.
Now, in the Azure Pack world this local admin credential is actually a special credential. You cannot take it away, but you can set a default value in the designer.
If a default value is set, you may be able to hide it from the view definition (I am not sure, since this is a special parameter), but you cannot remove the parameter from the resource itself.
And a credential in Azure Pack gets interpreted to a username plus password string.
I have added secondary accounts that capture a password string and a username (as strings, not credentials). But again, I am not positive that this is allowed.
Sorry for not having a straight answer, maybe someone will jump in with a better one.
Brian Ehlert
http://ITProctology.blogspot.com
Learn. Apply. Repeat. -
Trying to pass Login username and password from a non-Oracle Form
I have a form that I am trying to use to pass a login username and password to an Oracle form. The problem is I know Oracle 10g web reports can take login parameters in a URL, but I can't seem to figure out how to encode/hide it and have Oracle read it. I want to be able to hide the username and password (obviously for security) and I also want to be able to pass special characters... does anyone have suggestions? It seems even in Oracle forms there are some issues passing login info because I have built in parameter forms... I have given myself quite a headache either way! We are trying to upgrade from an old, old version of forms and reports and are trying to use as much orginal code as possible. It all works if I pass plain text user name and password... any help would be sooooo appreciated. By the way on the Oracle side I am still pretty much an infant developer... please talk slow and use simple words... ;-p
Thanks again for any help!
Va...asking me to enter username and password on a non-secured website, or else thy will destroy my account. Is it legit ?
It is definitely a scam. Delete it immediately.
For more information, see this document:
Identifying fraudulent "phishing" email -
Possible to Pass Username and Password to ADF URL?
Hi,
We are building a cache flow for pre-caching some pages after a server bounce. Ideally, rather than go through the sign on page, we could have direct urls for our program to execute for our test user that would include username and password. As we are not concerned with security in this environment, we are ok with having such a solution for this particular use case.
Are there delivered parameters with all adf apps that would allow us to construct such a URL?
Thanks!I know you aren't worried about security, but it's worth understanding that HTTPS will hide the URL parameters:
http://blog.httpwatch.com/2009/02/20/how-secure-are-query-strings-over-https/
As noted in the article the parameters can still "leak", but HTTPS provides you a mechanism to at least hide the parameters from network sniffers which are incredibly easy to install on the network (and remembering most security breaches come from within an organisation, not outside).
CM. -
Sql*plus hiding username and password
Hi All,
I was wondering if there is a way that I can avoid
having to specify username and password when I execute
sqlplus and sqlldr on Unix systems.
I know that If I don't specify a username or password
these programs will prompt for one. That is fine
when I am executing thing in a interactive shell but
if I want to execute these programs from a cron job
I need to have the username and password in my crontab
file and when they execute other users can see my
username and password by executing ...
ps -ef
... How can I correct this problem?Actually, Oracle Corp. provides a very neat solution to the password problem.
They have a program, called 'hide' which they provide the source for.
Search on Metalink for Note 1009091.6: "HOW DO YOU HIDE USERNAME/PASSWORD IN PS?"
You compile it on your system and you when you want to invoke sqlplus, for instance, you run 'hide sqlplus userid/password'.
The difference is, that when you run a ps, all you see is sqlplus, without the userid and password displayed.
You can rename sqlplus to something else and create a shell script called sqlplus that calls hide.
That way is transparent to the user. Everyone just runs sqlplus like they always have. -
Hiding usernames and passwords
We are attempting to access a form through a URL link from a
web page. The URL contains the username and password, but we
would like to hide this. We are on Forms 6i patchset 8. Reports
has a mechanism of hiding usernames in the url by altering the
config file. Is there any mechanism in forms to achieve this
result. Any help is appreciated.
Thanks.Can you check out the patch 8 white paper on the forms page. It has a section about passowrd hiding there.
I think that will help.
Regards
Grant Ronald
Forms Product Management -
External apps in portal r showing username and password on address bar
Hai all
We r usign apps 11.5.3 and 9iAS 9.0.2.0.1.
Portal 9.0.2.2.14a.
I regesterd apps as External application to portal and supplied username and password fields.
It is regestered succesfully and the external application link is working fine.
When I fisttime accessed link it asked for username and password.
I could logged in successfully to apps but the user name and pasword r appearing on the address bar of apps page.
Even my.oracle which is configured bydefault during portal installation is showing user name and password on the addressbar.
Is there a way to hide them from appearing in address bar.
regards,
sreenivasYou can deploy the external application link for your oracle apps as a url item in a region. Enable the check box to open this url in a new browser window. Hide the toolbars for this new window using javascript. Hope this helps...
-
Reporting Services username and password prompting
We have several branch office locations and one reporting services server. All of the branch office locations can access the reporting services server, but we have one location for the passed week, each time they make a connection to this server, it prompts
them for a username and password and will not allow them to connect even if the correct username and password is correct.
I have tried adding the server to the IE intranet/trusted site list. Set IE security on all zones to automatically logon with current username and password.
What is strange is that this is the only branch office site that is having this issue. It is almost like kerberos is broken for this site location only.
DOes anyone has any suggestions what could be causing this problem for all computers in this one location. Nothing has changed on their local servers nor have we pushed any updates to the machines.Hi bubba1984,
As per my understanding, I think this issue is caused by Kerberos authentication. Kerberos is an authentication protocol that allows clients that create authentication tokens to associate a specific destination to that token. In the failure case, there is
a mismatch between the destination specified in the token and the report server process configuration. Due to this mismatch, the underlying Kerberos authentication scheme supported by Windows prevents report server from authenticating the user.
To fix this issue, please try to remove RSWindowsNegotiate and ensure RSWindowsNTLM is specified in the rsreportserver.config file. For more details, please take the following article as reference:
http://blogs.msdn.com/b/lukaszp/archive/2008/03/26/solving-the-reporting-services-login-issue-in-the-february-ctp-of-sql-server-2008.aspx
Hope this helps.
Thanks,
Katherine Xiong
Katherine Xiong
TechNet Community Support -
Single sign-on and different usernames and passwords
Hello,
I am building a Portal with WLPS 3.5 and WLS 6.0. I tried to get
information about the background of single sign-on.
I understand, that I need a Realm (i.e. LDAP Realm) to authenticate the
user for the first login to the portal (with username and password).
Now I would like to integrate my webmail-programm (to get emails from
Lotus Notes via Internet) as a portlet.
For my understanding the user has to authorizate to get access to webmail.
Therefore I create a ACL for webmail and this ACL is assigned to my
security Realm.
I would like the portlet to show after login the number of mails for the
specific user. But where are the username and password for webmail stored
and how are they received and forwarded?
I understand that my ACL included all users that have access to webmail
(i.e. all users). But I only want emails for the specific user.
Does WLS get all usernames and passwords while the first login? Do I have to
implement a algorithmen to get the specific username and password for the
requested resource in my portlet?
Has anyone solved a similar problem or can tell me where I can get more
information. I read the WebLogic Security document but I cant find a
answer to my questions.
Thanks
LydiaLydia,
I'm not an expert in this area, but I can give you a start.
As for single sign-on, there are different levels. For single sign-on across web-apps,
the servlet spec requires this (section 12.6 of th 2.3 spec) and therefore Weblogic
does this.
What you are talking about is single sign-on across back-end applications through
a web-app. BEA has partnered with Securant (just acquired by RSA) to provide this
kind of functionality. Browse to http://www.rsasecurity.com/products/ and look
at the ClearTrust product. BEA has also partnered with Netegrity (www.netegrity.com)
with their SiteMinder product. Neither is included in the Weblogic license. I'm
sure either vendor would be excited to explain how their product will solve your
problem if you give them a call.
As for where the username and passwords are stored, that is up to the realm. If
you are using the default WLPS RDBMSRealm, the username and encrypted password
are stored in the WLCS_USER table. If you are using LDAPRealm, they are stored
in your LDAP server.
Hope this was useful!
PJL
[email protected] wrote:
Hello,
I am using PersonalizationServer 3.5 and WLS 6.0 SP 2.
Now I try to unterstand the functionality of Single sign-on when a user
has different usernames and passwords for different applications.
Can someone explain where the usernames and passwords for a user are
stored (all in the LDAP-realm or a RDBMS-realm?) When a user access the
application how username and passwords are mapped? Or usernames and
passwords for all applications are the same and will be equalized?
Precisely I would like to get access to a mail-account for a specific
user
(webmail from Lotus Notes).
Thanks for any help
Lydia
Maybe you are looking for
-
Stop opening multiple instances of the same application
I am used to having graphic files on my desktop, when editing one I would simply right-click and pick "open with" > Photoshop (which is always open in its own desktop in my computer). Now out of the blue, if I do that, it loads another instance of Ph
-
Post goods issue at item level
Hi All , is it possible to do the PGI at Item level ? as far as i can think PGI is only possible for whole delivery ... We create the HU at the time of Delivery packing ( once all the TO are confirmed for 916) ... Now the requirement ispick the pall
-
Mail is acting crazy. It continues to download the same messages from years and years ago. I delete them. Moments later they are all back. Haven't been deleted. Suggestions?
-
Hi Experts, I want to know the exact execution time for a t.code. I check it in ST03 or ST03n but I can't get proper data. In ST03 I get the average and total response time but I want the exact ececution or response time. Waiting for your inputs. Re
-
Reviews not appearing for owned apps
I keep submitting reviews for apps to the App Store, but the never appear. Why would that be?