php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #57149 add support for proxy authentication
Submitted: 2006-07-21 18:32 UTC Modified: 2012-10-26 05:19 UTC
From: jkeller at berkeley dot edu Assigned:
Status: No Feedback Package: OCI8 related
PHP Version: Irrelevant OS: Irrelevant
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
MUST BE VALID
Solve the problem:
47 - 4 = ?
Subscribe to this entry?

 
 [2006-07-21 18:32 UTC] jkeller at berkeley dot edu
Description:
------------
We would love to be able to use Oracle database "proxy authentication" with the oci8 library.  Proxy authentication is supported by Oracle's OCI library.  It would allow us to use an external authentication source (LDAP) and then securely pass the user identity to the database (so it is available for things like auditing and "fine-grained access control" at the database level).

If it is not difficult to add support for this feature to the PHP oci8 library, we would really appreciate it.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-06-19 10:27 UTC] amonh at mit dot edu
I am a programmer/analyst at MIT and we are requesting this as well. We are currently working on this issue as well. Please let us know if this is on the roadmap and/or if you would accept patches to add this functionality.
 [2009-06-21 21:34 UTC] amonh at mit dot edu
Partial functionality exists.

Pre-Test requirements:
create user app identified by "ppa";
create user bob identified by "obo";
grant create session to app;
grant create sesion to bob;
alter user bob connect through app;

PHP Test
<?php

require dirname(__FILE__)."/connect.inc";

$pc = oci_connect("app[bob]", "ppa", $dbase);
$stmt = oci_parse($pc, "select user from dual");
oci_execute($stmt);
var_dump(oci_fetch_array($stmt, OCI_RETURN_NULLS));
$t = oci_close_proxy_session($pc);
echo "Done\n";
?>

result:
array(2) {
  [0]=>
  string(3) "BOB"
  ["USER"]=>
  string(3) "BOB"
}
 [2009-06-21 21:46 UTC] amonh at mit dot edu
EDIT to remove oci_close_proxy_session line.

--
Partial functionality exists.

Pre-Test requirements:
create user app identified by "ppa";
create user bob identified by "obo";
grant create session to app;
grant create sesion to bob;
alter user bob connect through app;

PHP Test
<?php

require dirname(__FILE__)."/connect.inc";

$pc = oci_connect("app[bob]", "ppa", $dbase);
$stmt = oci_parse($pc, "select user from dual");
oci_execute($stmt);
var_dump(oci_fetch_array($stmt, OCI_RETURN_NULLS));
echo "Done\n";
?>

result:
array(2) {
  [0]=>
  string(3) "BOB"
  ["USER"]=>
  string(3) "BOB"
}
 [2011-11-09 23:50 UTC] sixd@php.net
-Package: oci8 +Package: OCI8 related
 [2011-11-10 00:25 UTC] sixd@php.net
-Status: Open +Status: Feedback
 [2011-11-10 00:25 UTC] sixd@php.net
From OCI8 1.4.0 PHP 5.3.1 an end-user identity can be passed into the DB with the 
oci_set_client_identifier() function.  This values is used for auditing, VPD and 
monitoring.  See http://www.oracle.com/technetwork/articles/dsl/php-web-auditing-
171451.html
 [2012-10-26 05:19 UTC] sixd@php.net
-Status: Feedback +Status: No Feedback
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Thu Jan 20 08:03:48 2022 UTC