php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #57149 add support for proxy authentication
Submitted: 2006-07-21 18:32 UTC Modified: 2012-10-26 05:19 UTC
From: jkeller at berkeley dot edu Assigned:
Status: No Feedback Package: OCI8 related
PHP Version: Irrelevant OS: Irrelevant
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: jkeller at berkeley dot edu
New email:
PHP Version: OS:

 

 [2006-07-21 18:32 UTC] jkeller at berkeley dot edu
Description:
------------
We would love to be able to use Oracle database "proxy authentication" with the oci8 library.  Proxy authentication is supported by Oracle's OCI library.  It would allow us to use an external authentication source (LDAP) and then securely pass the user identity to the database (so it is available for things like auditing and "fine-grained access control" at the database level).

If it is not difficult to add support for this feature to the PHP oci8 library, we would really appreciate it.


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-06-19 10:27 UTC] amonh at mit dot edu
I am a programmer/analyst at MIT and we are requesting this as well. We are currently working on this issue as well. Please let us know if this is on the roadmap and/or if you would accept patches to add this functionality.
 [2009-06-21 21:34 UTC] amonh at mit dot edu
Partial functionality exists.

Pre-Test requirements:
create user app identified by "ppa";
create user bob identified by "obo";
grant create session to app;
grant create sesion to bob;
alter user bob connect through app;

PHP Test
<?php

require dirname(__FILE__)."/connect.inc";

$pc = oci_connect("app[bob]", "ppa", $dbase);
$stmt = oci_parse($pc, "select user from dual");
oci_execute($stmt);
var_dump(oci_fetch_array($stmt, OCI_RETURN_NULLS));
$t = oci_close_proxy_session($pc);
echo "Done\n";
?>

result:
array(2) {
  [0]=>
  string(3) "BOB"
  ["USER"]=>
  string(3) "BOB"
}
 [2009-06-21 21:46 UTC] amonh at mit dot edu
EDIT to remove oci_close_proxy_session line.

--
Partial functionality exists.

Pre-Test requirements:
create user app identified by "ppa";
create user bob identified by "obo";
grant create session to app;
grant create sesion to bob;
alter user bob connect through app;

PHP Test
<?php

require dirname(__FILE__)."/connect.inc";

$pc = oci_connect("app[bob]", "ppa", $dbase);
$stmt = oci_parse($pc, "select user from dual");
oci_execute($stmt);
var_dump(oci_fetch_array($stmt, OCI_RETURN_NULLS));
echo "Done\n";
?>

result:
array(2) {
  [0]=>
  string(3) "BOB"
  ["USER"]=>
  string(3) "BOB"
}
 [2011-11-09 23:50 UTC] sixd@php.net
-Package: oci8 +Package: OCI8 related
 [2011-11-10 00:25 UTC] sixd@php.net
-Status: Open +Status: Feedback
 [2011-11-10 00:25 UTC] sixd@php.net
From OCI8 1.4.0 PHP 5.3.1 an end-user identity can be passed into the DB with the 
oci_set_client_identifier() function.  This values is used for auditing, VPD and 
monitoring.  See http://www.oracle.com/technetwork/articles/dsl/php-web-auditing-
171451.html
 [2012-10-26 05:19 UTC] sixd@php.net
-Status: Feedback +Status: No Feedback
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Nov 04 06:01:28 2024 UTC