Forms 6i Security
How do I make our 3rd party appl forms login more secure?
Currently, the appl program uses a primitive database authentication method
by providing the username and password of the database in clear text inside
a .ini file. Changing the database user and password will be useless due to
password being exposed literally. Users of the application are registered in a table in the database with the password of the user exposed in clear text. An administrator or anybody with database access will be able see a user's password in clear text thus user authentication is compromised.
Can I change the username to point to the database username and not a table?
Can I incrypt the password table entry itself?
Can I incrypt the .ini file so as not to show literal passwords?
Can I use the form to get the userid/passwd from LDAP active directory server?
Please help ....thanks a lot
Behind The Success And Failure Of A Man Is A Woman
Might try External Authentication
We're on a slightly older version of FORMS as you but this should still work.
We have a 3rd party FORMS app which, like yours, used to throw up its own login prompt based on a table where ID's and passwords were stored in clear text. We had our 3rd party developer change the application to eliminate the login prompt completely. We then setup in Oracle a bunch of 'external authentication' ID's - one for each of our users. Our icon for launching the application now looks like this:
G:\95apps\Ciris\Orawin\Bin\F50run32.exe F01MAIN /
The forward slash at the end designates external authentication. So, if I'm logged into Windows as RPERRY and there exists an Oracle ID of "OPS$RPERRY" then I'm automatically logged into the 3rd party FORMS app without having to deal with a login prompt.
You would need in your init.ora file these lines:
remote_os_authent = true
os_authent_prefix = OPS$
(you can actually use any prefix you want).
Oracle ID's are created to match windows ID's with the indicated prefix and the 'external authentication' box checked. No password required.
Click Here to Expand Forum to Full Width