php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #57149 add support for proxy authentication
Submitted: 2006-07-21 18:32 UTC Modified: 2012-10-26 05:19 UTC
From: jkeller at berkeley dot edu Assigned:
Status: No Feedback Package: OCI8 related
PHP Version: Irrelevant OS: Irrelevant
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2006-07-21 18:32 UTC] jkeller at berkeley dot edu
Description:
------------
We would love to be able to use Oracle database "proxy authentication" with the oci8 library.  Proxy authentication is supported by Oracle's OCI library.  It would allow us to use an external authentication source (LDAP) and then securely pass the user identity to the database (so it is available for things like auditing and "fine-grained access control" at the database level).

If it is not difficult to add support for this feature to the PHP oci8 library, we would really appreciate it.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-06-19 10:27 UTC] amonh at mit dot edu
I am a programmer/analyst at MIT and we are requesting this as well. We are currently working on this issue as well. Please let us know if this is on the roadmap and/or if you would accept patches to add this functionality.
 [2009-06-21 21:34 UTC] amonh at mit dot edu
Partial functionality exists.

Pre-Test requirements:
create user app identified by "ppa";
create user bob identified by "obo";
grant create session to app;
grant create sesion to bob;
alter user bob connect through app;

PHP Test
<?php

require dirname(__FILE__)."/connect.inc";

$pc = oci_connect("app[bob]", "ppa", $dbase);
$stmt = oci_parse($pc, "select user from dual");
oci_execute($stmt);
var_dump(oci_fetch_array($stmt, OCI_RETURN_NULLS));
$t = oci_close_proxy_session($pc);
echo "Done\n";
?>

result:
array(2) {
  [0]=>
  string(3) "BOB"
  ["USER"]=>
  string(3) "BOB"
}
 [2009-06-21 21:46 UTC] amonh at mit dot edu
EDIT to remove oci_close_proxy_session line.

--
Partial functionality exists.

Pre-Test requirements:
create user app identified by "ppa";
create user bob identified by "obo";
grant create session to app;
grant create sesion to bob;
alter user bob connect through app;

PHP Test
<?php

require dirname(__FILE__)."/connect.inc";

$pc = oci_connect("app[bob]", "ppa", $dbase);
$stmt = oci_parse($pc, "select user from dual");
oci_execute($stmt);
var_dump(oci_fetch_array($stmt, OCI_RETURN_NULLS));
echo "Done\n";
?>

result:
array(2) {
  [0]=>
  string(3) "BOB"
  ["USER"]=>
  string(3) "BOB"
}
 [2011-11-09 23:50 UTC] sixd@php.net
-Package: oci8 +Package: OCI8 related
 [2011-11-10 00:25 UTC] sixd@php.net
-Status: Open +Status: Feedback
 [2011-11-10 00:25 UTC] sixd@php.net
From OCI8 1.4.0 PHP 5.3.1 an end-user identity can be passed into the DB with the 
oci_set_client_identifier() function.  This values is used for auditing, VPD and 
monitoring.  See http://www.oracle.com/technetwork/articles/dsl/php-web-auditing-
171451.html
 [2012-10-26 05:19 UTC] sixd@php.net
-Status: Feedback +Status: No Feedback
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Wed Dec 01 05:03:34 2021 UTC