Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

JSP/Oracle Authentication  RSS feed

 
Pablo Gosse
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all, I've got a question about using JSP with Oracle that I'm hoping someone will be able to answer. Here's the situation:
I'm developing a number of small JSP applications on our secure server, and for authentication I'm going to be using the users table which already exists for another oracle application. The passwords stored in this table are encrypted.
My problem is that I'm uncertain if the password sent over by login.jsp, for example, will match the password in the database when the query is executed, since the password in the database in encrypted and the password sent in the query is not.
I've been unable to test it yet, as I don't currently have access to the production database (and won't for a couple of weeks), but I'm curious if anyone can give me an idea of whether this will work or not, or perhaps if I'll have to find a oracle package or PL/SQL stored procedure which will handle the authentication against the db for me.
Perhaps the package or procedure would be called from the jsp and accept the values from the form, perform the encryption and authentication of the un/pw and return a true/false value?
Can anyone give me an idea if what I mention in the last paragraph is on the right track or if I'm way off base? And if I am way off base, what direction should I be headed in?
Thanks in advance.
Pablo
 
Rehan Malik
Ranch Hand
Posts: 76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you're accessing the main user table in Oracle, then all you have to do is make a connection to the database. If it succeeds, it's a valid user, if not, do anything you want with them.
 
Pablo Gosse
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No, unfortunately I'm pretty sure it's not the main user table in oracle. It's the user table for Banner, a huge application that piggy-backs Oracle.
The passwords in the table are encrypted, so I'm wondering if:
a) the passwords sent over by the jsp page will be encrypted when the table is queried, and
b) if they're not, what do I need to do to encrypt them (ie., call a stored procedure or existing package).
Thanks,
Pablo
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!