php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #19714 OCI8: Using default user in OCI8 functions
Submitted: 2002-10-02 08:04 UTC Modified: 2004-04-19 11:18 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:1 (33.3%)
Same OS:1 (33.3%)
From: jomar at hafro dot is Assigned: maxim (profile)
Status: Wont fix Package: Feature/Change Request
PHP Version: 4.2.2 OS: SunOS
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jomar at hafro dot is
New email:
PHP Version: OS:

 

 [2002-10-02 08:04 UTC] jomar at hafro dot is
I?m using Apache enviroment :
SetEnv ORACLE_HOME /usr/oracle
SetEnv ORA_NLS33 /usr/oracle/ocommon/nls/admin/data
SetEnv NLS_LANG icelandic_america

I also set the tns_names and more env within root enviroment before I execute apachectl start running php as a module. 
I also compiled Php with Oci8.

I?m having trouble with ocilogon function when I use the 
ocilogon("/","") (default user/nopass,server)

If I logon using a valid username and password then it is ok, but when I use this method it returns an ora error :
ORA-01005: null password given; logon denied 

I also have the ora libs and if I use ora_logon("/","") that seems to work.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-11-11 13:08 UTC] maxim@php.net
Oracle does not seem to read user/pass if it is passed to it as the username via OCILogon.

When second parameter is an empty strng OCISessionBegin() complains about the "NULL password Given" while if username contains '/' it is 1) unparsed by API, 2) will still leave OCISessionBegin() without a password.

I will take a look at it.

 [2004-04-19 06:05 UTC] cjbj at hotmail dot com
From http://otn.oracle.com/tech/opensource/php/php_troubleshooting_faq.html#extauth

"Allowing externally authenticated database connections over the web would be a potential security risk for most configurations. Luckily PHP's OCI8 extension will not allow external authentication where the username is "/" and the password an empty string. The call in PHP's oci8.c to Oracle's OCISessionBegin() always sets the credential flag to OCI_CRED_RDBMS. To support operating system authentication the PHP source code would have to be changed to pass Oracle the OCI_CRED_EXT flag when appropriate."
 [2004-04-19 08:10 UTC] tony2001@php.net
That seems to be a useful feature, which makes PHP more secure, so I'm changing this to Won't fix.
 [2004-04-19 11:18 UTC] jomar at hafro dot is
External logon can be in many ways. 
It seems to me that you are defining a LAN like it is ,,external logon" with the Database on a different machine than the web server but does not logon through the internet or the web. 

So I would like to have a feture OCI8 that says "allow_external_logon" or something like that. This is mainly a historical problem because many of old perl programs and the oldest php programs are using this feture and its very hard to go and change both the oracle configuration and the programs.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Dec 27 10:01:28 2024 UTC