PHP :: Request #19714 :: OCI8: Using default user in OCI8 functions

Request #19714

OCI8: Using default user in OCI8 functions

Submitted:

2002-10-02 08:04 UTC

Modified:

2004-04-19 11:18 UTC

Votes:	3
Avg. Score:	5.0 ± 0.0
Reproduced:	3 of 3 (100.0%)
Same Version:	1 (33.3%)
Same OS:	1 (33.3%)

From:

jomar at hafro dot is

Assigned:

maxim (profile)

Status:

Wont fix

Package:

Feature/Change Request

PHP Version:

4.2.2

OS:

SunOS

Private report:

CVE-ID:

None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	jomar at hafro dot is
New email:
PHP Version:		OS:

New/Additional Comment:

[2002-10-02 08:04 UTC] jomar at hafro dot is

I?m using Apache enviroment :
SetEnv ORACLE_HOME /usr/oracle
SetEnv ORA_NLS33 /usr/oracle/ocommon/nls/admin/data
SetEnv NLS_LANG icelandic_america

I also set the tns_names and more env within root enviroment before I execute apachectl start running php as a module. 
I also compiled Php with Oci8.

I?m having trouble with ocilogon function when I use the 
ocilogon("/","") (default user/nopass,server)

If I logon using a valid username and password then it is ok, but when I use this method it returns an ora error :
ORA-01005: null password given; logon denied 

I also have the ora libs and if I use ora_logon("/","") that seems to work.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-11-11 13:08 UTC] maxim@php.net

Oracle does not seem to read user/pass if it is passed to it as the username via OCILogon.

When second parameter is an empty strng OCISessionBegin() complains about the "NULL password Given" while if username contains '/' it is 1) unparsed by API, 2) will still leave OCISessionBegin() without a password.

I will take a look at it.

[2004-04-19 06:05 UTC] cjbj at hotmail dot com

From http://otn.oracle.com/tech/opensource/php/php_troubleshooting_faq.html#extauth

"Allowing externally authenticated database connections over the web would be a potential security risk for most configurations. Luckily PHP's OCI8 extension will not allow external authentication where the username is "/" and the password an empty string. The call in PHP's oci8.c to Oracle's OCISessionBegin() always sets the credential flag to OCI_CRED_RDBMS. To support operating system authentication the PHP source code would have to be changed to pass Oracle the OCI_CRED_EXT flag when appropriate."

[2004-04-19 08:10 UTC] tony2001@php.net

That seems to be a useful feature, which makes PHP more secure, so I'm changing this to Won't fix.

[2004-04-19 11:18 UTC] jomar at hafro dot is

External logon can be in many ways. 
It seems to me that you are defining a LAN like it is ,,external logon" with the Database on a different machine than the web server but does not logon through the internet or the web. 

So I would like to have a feture OCI8 that says "allow_external_logon" or something like that. This is mainly a historical problem because many of old perl programs and the oldest php programs are using this feture and its very hard to go and change both the oracle configuration and the programs.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Dec 26 19:01:30 2024 UTC