Apache :: Authenticate Username / Password Using Oracle Stored Procedure?
Apr 8, 2014
I have an app that opens a new browser window to a URL that opens a PDF file at a named destination. For example: URL.....I need to authenticate each user that enters this link, but preferably only once per browser session (valid until user closes browser). This authentication process needs to be performed by an oracle-database stored procedure (via a Java servlet, or other technology). Any outline steps or reference link?
The idea would be when the user enters this link, that a popup window appears asking for a username and password, which then get verified by the stored procedure, and then, and only then, the URL address is allowed to proceed.I know I can implement password protection in `.htaccess` as follows.
But, I need this process to connect to the stored procedure to validate the user, because this stored procedure has to apply business logic to determine the users' subscription status, etc., which can change at any time.
Is this possible to log username and password passed by GET request for basic authentication?I generate link to some part of my website by [URL] ....
It works without any problems for 90% users but some of them got information that there is password mismatch.So I would like to log all request with information about passed login and password in text plain.
I have been trying to get password protected directories working on my Linode server. It works / behaves in a desktop browser somewhat but not like I am used to with hostmonster. Also for some reason my phone (windows phone just loads the page in the protected directory without prompting for a password. So I imagine there is some security thing I am missing that none of the info I have found searching talks about. Here is what I have done. I have created a password file and set the permissions correctly on that and it works on the desktop. However when I close the browser or open a private browsing session I am never prompted for a password again. It just feels insecure. Plus my windows phone just loads the page with no prompt. With hostmonster if I closed the browser window it would ask me for the username and password again. I also tested hostmonster directory passwords on my phone and it prompts for a username/password.
Here is what I have added to the apache2.conf file. The rest is pretty much default. There is no .htaccess file for that directory.
<Directory "/var/www/protected"> AllowOverride All AuthType basic AuthName "Enter Login" AuthUserFile /etc/htpasswd/.htpasswd Require valid-user Order deny,allow Allow from user1 </Directory>
It may be worth noting that I have two virtual sites / domain names running on this server at the moment however the one that is being used for this is the primary domain name.
from some time, the plesk password is no more stored in chrome.I mean that even I delete all passwords/history etc chrome don't ask to save password...so something changed in the login page I suppose.from same time every time I connect to any plesk panel. Chrome say that it's not safe and I have to click "advanced" to continue, even it's a new installation make some minute before.
each time i migrate a Domain from a plesk 9.5.5 Windows Hosting Server towards the new plesk 11.5 Server the customers iusr Password does not match the Systems iusr Password.so after each Migration the Website is requesting a username and Password.
1. how to solve that for the whole Installation?
2. at plesk 7.5 and later there was a Workaround which is not anymore supported: websrvmng.exe â€“update-anon-password â€“domain-name=yourdomain.com
have been handed a project to migrate a web page from our old Oracle OAS 10G server to a Oracle Weblogic llg server.
This page is manually deployed along with the web folder from a third-party Automic Applications Manager (formerly Appworx).
We are not using the default Apache server that ships with the product due to all the paperwork and configuration required to deploy it in a secure environment.
The old configuration is already approved to allow connection via our Oracle (Apache) webservers.
I can launch the page fine but when I call the .jsp file to launch it it opens the file instead of launching it (Windows 2008 server).
I've associated the file types, jsp and jnlp to javaws.exe. I found a reference in the old httpd.conf file and added this to the new httpd.conf file on the weblogic server. I also dug into the default install and found the same line. I've bounced the ohs to source this and it still opens instead of launches. How do I change this behavior?
I am using user authentication with the following components:
Apache/2.4.10 (Win32) + mod_auth_basic + mod_authn_dbd + mod_dbd + ODBC Driver + Microsoft SQL Server 2008(SP3).
It works fine except when I do not provide any username when browser asks for username and password. In this case I receive the "Internal Server Error" as the response instead of "Unauthorized" response.
The most interesting part of the error.log is:
[Sat Sep 27 21:23:17.639860 2014] [authn_dbd:error] [pid 1208:tid 1636] [client 127.0.0.1:1363] AH01656: Query execution error looking up '' in database [[dbd_odbc] SQLBindParameter returned SQL_ERROR (-1) at apr_dbd_odbc.c:604 [Microsoft][ODBC SQL Server Driver]Invalid precision value HY104 ]
The AuthDBDUserPWQuery directive in my httpd.conf is:
AuthDBDUserPWQuery "SELECT password FROM member WHERE CONVERT(VARCHAR(10), member_Index) = %s"
And the member_Index column in the database is smallint.
I am setting up a VPS / Linux server, created an account, and set up an email account. However, when I attempt to access the email account via. pop3, either the email account or pw is not accepted. However, I can access the same email account via. IMAP.
Also, I can telenet into the pop3 system, but not log into the account, and I can access the account via. WEBMAIL.
I set up the account with WHM/CPanel. Is there some required setting to activate or setup the pop3 system?
I created a SQL Server database that need sto be setup for the customer on their hosting account. The hosting company wanted the sql statemens, ok so I gave it to them to setup my tables and stored procedures. I also mentioned that if they gave me a username and password with database location and catalog name for the connection string and as long as I had create rights for that database I could run my own sql statements via SQL Server Enterprise Manager to set it up. They sent an excuse about how insecure that wasy and that they couldn't send any usernames or passwords for the database to me t set this up.
They also said it's becomming more common for Hosting Companies to not allow access to the databases for thatpurpose. Ok... uh how in the world do they expect to have a programmer create and run their data driven website without that information? I'm confused on what these guys are doing.
So.. is this true? Are more hosting companies hording their database infromation and customer usernames and passwords from the developers?
I have two hard disks, and I would like to move all of my MySQL data onto the second drive. My dilema is this; what is the best way to go about doing this? The tutorial I followed last night had me use cp to copy the /var/lib/mysql folder over to the second drive. However, it took ages to move one of my databases. It's a forum hosting database which has tons and tons of tables. It ran for about 5 hours and still didn't finish because I decided to stop it right there. I know it was working; but still, it took forever and I had to put it back up.
What would you do? Do you recommend say, copying just the 'mysql' database that has the users, and then taking a dump of all databases with mysqldump and moving it that way?
Also, is there any way using the cp command to continue what I started last night, but not write a database file if it hasn't chnaged at all?
I have a client who will be pointing their domain to my reseller server. I have already setup the account on my server and made the appropriate DNS changes with their domain registrar - so the domain should be pointing to my server soon.
However, what is the normal procedure for migrating email accounts, without loosing mail?
When should they change email account settings?
Should they use their current settings until they get an error, or no longer receive mail, then change settings to match my server?
I would to use: htdigest -c filename.htpasswd Group usernamein file batch to insert a set of users with password.I can use it without having to enter the password from the keyboard?I tried echo pass| htdigest -c filename.htpasswd Group username but it does not work.