PL/SQL only NTLM authentication
653650 Aug 5 2008 — edited Sep 21 2008
Hi!
I have a question about the recently published PL/SQL-only NTLM auth in APEX (http://www.oracle.com/technology/products/database/application_express/pdf/apex_ntlm_authentication_wp.pdf).
Do I understand correctly that the code in the paper only relies on the fact that the token length for silent negotiation and for the case when the browser prompted for a username and password is different? So, no check against AD is performed, making this authentication very easy to spoof.
Is there any PL/SQL code out there that actually queries AD prior to granting access?