JSP/Oracle Authentication
Pablo Gosse
Greenhorn
Posts: 2
posted 15 years ago
Hi all, I've got a question about using JSP with Oracle that I'm hoping someone will be able to answer. Here's the situation:
I'm developing a number of small JSP applications on our secure server, and for authentication I'm going to be using the users table which already exists for another oracle application. The passwords stored in this table are encrypted.
My problem is that I'm uncertain if the password sent over by login.jsp, for example, will match the password in the database when the query is executed, since the password in the database in encrypted and the password sent in the query is not.
I've been unable to test it yet, as I don't currently have access to the production database (and won't for a couple of weeks), but I'm curious if anyone can give me an idea of whether this will work or not, or perhaps if I'll have to find a oracle package or PL/SQL stored procedure which will handle the authentication against the db for me.
Perhaps the package or procedure would be called from the jsp and accept the values from the form, perform the encryption and authentication of the un/pw and return a true/false value?
Can anyone give me an idea if what I mention in the last paragraph is on the right track or if I'm way off base? And if I am way off base, what direction should I be headed in?
Thanks in advance.
Pablo
I'm developing a number of small JSP applications on our secure server, and for authentication I'm going to be using the users table which already exists for another oracle application. The passwords stored in this table are encrypted.
My problem is that I'm uncertain if the password sent over by login.jsp, for example, will match the password in the database when the query is executed, since the password in the database in encrypted and the password sent in the query is not.
I've been unable to test it yet, as I don't currently have access to the production database (and won't for a couple of weeks), but I'm curious if anyone can give me an idea of whether this will work or not, or perhaps if I'll have to find a oracle package or PL/SQL stored procedure which will handle the authentication against the db for me.
Perhaps the package or procedure would be called from the jsp and accept the values from the form, perform the encryption and authentication of the un/pw and return a true/false value?
Can anyone give me an idea if what I mention in the last paragraph is on the right track or if I'm way off base? And if I am way off base, what direction should I be headed in?
Thanks in advance.
Pablo
Rehan Malik
Ranch Hand
Posts: 76
Pablo Gosse
Greenhorn
Posts: 2
posted 15 years ago
No, unfortunately I'm pretty sure it's not the main user table in oracle. It's the user table for Banner, a huge application that piggy-backs Oracle.
The passwords in the table are encrypted, so I'm wondering if:
a) the passwords sent over by the jsp page will be encrypted when the table is queried, and
b) if they're not, what do I need to do to encrypt them (ie., call a stored procedure or existing package).
Thanks,
Pablo
The passwords in the table are encrypted, so I'm wondering if:
a) the passwords sent over by the jsp page will be encrypted when the table is queried, and
b) if they're not, what do I need to do to encrypt them (ie., call a stored procedure or existing package).
Thanks,
Pablo
