Home » Fusion Middleware & Colab Suite » Weblogic & Application Server » securing userid/password included in formsweb.cfg (Fusion Middleware 11g / MS Windows 2008)
securing userid/password included in formsweb.cfg [message #528125] Fri, 21 October 2011 17:29 Go to next message
hxlasheen
Messages: 3
Registered: October 2011
Location: Cairo
Junior Member
Dear all,

I need your suggestions on how can I protect the user id and passwords that are explicitly written into formsweb.cfg configuration file. The id/pw that is included in the formsweb.cfg is mainly used to establish the first connection with database and load the login initial menu to business users to login into the application. There is a concern in putting the password in plain text into this configuration file due to the risk of knowing the password via unauthorized users who can then login to the database - appreciate your insights/suggestions
Re: securing userid/password included in formsweb.cfg [message #528156 is a reply to message #528125] Sat, 22 October 2011 05:13 Go to previous messageGo to next message
ranamirfan
Messages: 535
Registered: January 2006
Location: Pakistan / Saudi Arabia
Senior Member

Please find herewith attached screenshot.
/forum/fa/9493/0/

Then you can call your form like below URL.
http://irfan:9001/forms/frmservlet?config=App



Hope it'll help you.

Regards,
Irfan

  • Attachment: formsweb.PNG
    (Size: 33.78KB, Downloaded 2174 times)
Re: securing userid/password included in formsweb.cfg [message #528224 is a reply to message #528156] Sun, 23 October 2011 05:17 Go to previous messageGo to next message
hxlasheen
Messages: 3
Registered: October 2011
Location: Cairo
Junior Member
Thank you for your response; however, my objective is to avoid putting the user name and password into formsweb.cfg configuration file as it raised a concern for potential access to this file and retrieving the user id/ passowrd information that are writter in plan text. I am trying to find a solution to avoid reading the file and getting the user id & password by unauthorized users - appreciate your help.
Re: securing userid/password included in formsweb.cfg [message #528364 is a reply to message #528224] Mon, 24 October 2011 08:40 Go to previous messageGo to next message
joy_division
Messages: 4949
Registered: February 2005
Location: East Coast USA
Senior Member
On the app server, only the oracle user should have access to this file, therefore no one would be able to read it other than the authorized oracle user or of course a sysadmin.
Re: securing userid/password included in formsweb.cfg [message #528373 is a reply to message #528224] Mon, 24 October 2011 09:39 Go to previous messageGo to next message
John Watson
Messages: 8321
Registered: January 2010
Location: Global Village
Senior Member
I don't know because I've never tried it, but I would hope that Forms as shipped with 11g would be able to use an External Password Store. This is a really useful alternative to embedding logons in scripts. In your formswb.cfg file, you would need only an entry such as

userid=/@orcl

It's all documented in the Security Guide,

http://download.oracle.com/docs/cd/E11882_01/network.112/e16543/authentication.htm#CHDHGAIJ
Re: securing userid/password included in formsweb.cfg [message #528404 is a reply to message #528156] Mon, 24 October 2011 13:19 Go to previous message
joy_division
Messages: 4949
Registered: February 2005
Location: East Coast USA
Senior Member
I forgot to mention in my previous response...Do you use Single Sign-On (SSO)? This would take care of embedding any user or password information in the configuration file.
Previous Topic: Problem with general testing of forms using 'http://servername/forms/frmservlet'
Next Topic: StaleConnectionException exception
Goto Forum:
  


Current Time: Wed Aug 12 16:47:50 CDT 2020