Oracle Forms

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Forms login security

OraCool2016Mar 6 2008 — edited Mar 7 2008

Hi Friends,

How do I make our 3rd party appl forms login more secure?

Currently, the appl program uses a primitive database authentication method
by providing the username and password of the database in clear text inside
a .ini file. Changing the database user and password will be useless due to
password being exposed literally. Users of the application are registered in a table in the database with the password of the user exposed in clear text. An administrator or anybody with database access will be able see a user's password in clear text thus user authentication is compromised.

Can I change the username to point to the database username and not a table?
Can I incrypt the password table entry itself?
Can I incrypt the .ini file so as not to show literal passwords?
Can I use the form to get the userid/passwd from LDAP active directory server?

Please help ....thanks a lot

Locked Post

New comments cannot be posted to this locked post.

Locked on Apr 4 2008

Added on Mar 6 2008

#forms, #moved-from-devops

7 comments

1,058 views