[3495] in WWW Security List Archive
Re: Customized Queries
daemon@ATHENA.MIT.EDU (Robert S. Muhlestein)
Fri Nov 8 15:04:00 1996
Date: Fri, 8 Nov 1996 09:02:50 -0800 (PST)
From: "Robert S. Muhlestein" <robertm@teleport.com>
To: Roberto Galoppini <rgaloppini@tim.it>
cc: www-security@ns2.rutgers.edu
In-Reply-To: <3281D00E.7FBC@tim.it>
Errors-To: owner-www-security@ns2.rutgers.edu

Are you using the Oracle Web Server? I highly recommend downloading the
demo version and using it. It has the authentication you refer to built in
and can keep a persistent Oracle connection over multiple web requests.
Slick stuff. Just came back from the Developing Web Applications class at
Oracle in Seattle. Very neat stuff.

On Thu, 7 Nov 1996, Roberto Galoppini wrote:
> <ABSTRACT>
> I have to run a web-database application with sensitive information on
> an Oracle Web Server and I need to distinguish the user in order to
> perform his/her queries on his/her data.
> </ABSTRACT>
>
> <AUTHENTICATION SCHEME>
> The application has an initial login procedure (it could be using
> the Oracle's security Access Control or a dedicated table) and
> then displays a home page where the user can choose from different kinds
> of queries (so I need to keep the user-id through all the 'session').
> Does anybody have a clue on how to manage it?
> </AUTHENTICATION SCHEME>
>
> <SOLUTION?>
> So far the only 'ideas' I got are:
> 1) using a different procedure for each user, encapsulating the user-id
> in all the queries. I won't suggest it to a friend ..
> 2) using a hidden TAG in which to put a 'pretty long' string that represents
> the user-id (so there is a table where user-id is mapped to this string
> and, eventually, it is changed on a daily basis ..)
> </SOLUTION?>
>
> Thanks in advance,
> Roberto Galoppini
> rgaloppini@tim.it
> "Even paranoids have enemies"
>
----------------------------------------------------------------------
Robert S. Muhlestein
Web Technologist
NIKE, Inc.
Work: robert.muhlestein@nike.com
Personal: rmuhle@q7.com
Old: robertm@teleport.com
(Opinions and comments are my own, not NIKE's.)
----------------------------------------------------------------------
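
The second idea in the quoted question (an opaque string in a hidden field, mapped to the user-id in a server-side table and changed daily), shown as an added example that is not part of either message. `SessionTable`, `hidden_field`, `query_for`, the `sid` field name and the in-memory dict standing in for the database table are all assumptions.

```python
import hashlib
import secrets
import time

SESSION_TTL = 24 * 60 * 60  # assumption: one day, per the "daily basis" idea


class SessionTable:
    """In-memory stand-in for the table mapping token -> user-id."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self._rows = {}  # sha256(token) -> (user_id, expires_at)
        self._ttl = ttl
        self._clock = clock

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked table does not reveal live tokens.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def login(self, user_id):
        """Call only after the login check succeeds; returns the token."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[self._digest(token)] = (user_id, self._clock() + self._ttl)
        return token

    def resolve(self, token):
        """Map a token taken from the request to a user-id, or None."""
        row = self._rows.get(self._digest(token)) if isinstance(token, str) else None
        if row is None or self._clock() >= row[1]:
            return None  # unknown, malformed or expired
        return row[0]


def hidden_field(token):
    # token_urlsafe output is [A-Za-z0-9_-], so it needs no HTML escaping.
    return '<input type="hidden" name="sid" value="%s">' % token


def query_for(table, token, rows):
    """Filter rows by the user-id resolved server-side, never by client input."""
    user_id = table.resolve(token)
    if user_id is None:
        raise PermissionError("invalid or expired session")
    return [r for r in rows if r["owner"] == user_id]
```

The user-id itself never appears in the page, and a token that is unknown or past its lifetime resolves to no user rather than to a default one.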