php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #57149 add support for proxy authentication
Submitted: 2006-07-21 18:32 UTC Modified: 2012-10-26 05:19 UTC
From: jkeller at berkeley dot edu Assigned:
Status: No Feedback Package: OCI8 related
PHP Version: Irrelevant OS: Irrelevant
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jkeller at berkeley dot edu
New email:
PHP Version: OS:

 

 [2006-07-21 18:32 UTC] jkeller at berkeley dot edu
Description:
------------
We would love to be able to use Oracle database "proxy authentication" with the oci8 library.  Proxy authentication is supported by Oracle's OCI library.  It would allow us to use an external authentication source (LDAP) and then securely pass the user identity to the database (so it is available for things like auditing and "fine-grained access control" at the database level).

If it is not difficult to add support for this feature to the PHP oci8 library, we would really appreciate it.


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-06-19 10:27 UTC] amonh at mit dot edu
I am a programmer/analyst at MIT and we are requesting this as well. We are currently working on this issue as well. Please let us know if this is on the roadmap and/or if you would accept patches to add this functionality.
 [2009-06-21 21:34 UTC] amonh at mit dot edu
Partial functionality exists.

Pre-Test requirements:
create user app identified by "ppa";
create user bob identified by "obo";
grant create session to app;
grant create sesion to bob;
alter user bob connect through app;

PHP Test
<?php

require dirname(__FILE__)."/connect.inc";

$pc = oci_connect("app[bob]", "ppa", $dbase);
$stmt = oci_parse($pc, "select user from dual");
oci_execute($stmt);
var_dump(oci_fetch_array($stmt, OCI_RETURN_NULLS));
$t = oci_close_proxy_session($pc);
echo "Done\n";
?>

result:
array(2) {
  [0]=>
  string(3) "BOB"
  ["USER"]=>
  string(3) "BOB"
}
 [2009-06-21 21:46 UTC] amonh at mit dot edu
EDIT to remove oci_close_proxy_session line.

--
Partial functionality exists.

Pre-Test requirements:
create user app identified by "ppa";
create user bob identified by "obo";
grant create session to app;
grant create sesion to bob;
alter user bob connect through app;

PHP Test
<?php

require dirname(__FILE__)."/connect.inc";

$pc = oci_connect("app[bob]", "ppa", $dbase);
$stmt = oci_parse($pc, "select user from dual");
oci_execute($stmt);
var_dump(oci_fetch_array($stmt, OCI_RETURN_NULLS));
echo "Done\n";
?>

result:
array(2) {
  [0]=>
  string(3) "BOB"
  ["USER"]=>
  string(3) "BOB"
}
 [2011-11-09 23:50 UTC] sixd@php.net
-Package: oci8 +Package: OCI8 related
 [2011-11-10 00:25 UTC] sixd@php.net
-Status: Open +Status: Feedback
 [2011-11-10 00:25 UTC] sixd@php.net
From OCI8 1.4.0 PHP 5.3.1 an end-user identity can be passed into the DB with the 
oci_set_client_identifier() function.  This values is used for auditing, VPD and 
monitoring.  See http://www.oracle.com/technetwork/articles/dsl/php-web-auditing-
171451.html
 [2012-10-26 05:19 UTC] sixd@php.net
-Status: Feedback +Status: No Feedback
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 14:01:32 2024 UTC