ID: 19714 User updated by: jomar at hafro dot is Reported By: jomar at hafro dot is Status: Wont fix Bug Type: Feature/Change Request Operating System: SunOS PHP Version: 4.2.2 Assigned To: maxim New Comment:
External logon can be in many ways. It seems to me that you are defining a LAN like it is ,,external logon" with the Database on a different machine than the web server but does not logon through the internet or the web. So I would like to have a feture OCI8 that says "allow_external_logon" or something like that. This is mainly a historical problem because many of old perl programs and the oldest php programs are using this feture and its very hard to go and change both the oracle configuration and the programs. Previous Comments: ------------------------------------------------------------------------ [2004-04-19 08:10:40] [EMAIL PROTECTED] That seems to be a useful feature, which makes PHP more secure, so I'm changing this to Won't fix. ------------------------------------------------------------------------ [2004-04-19 06:05:10] cjbj at hotmail dot com From http://otn.oracle.com/tech/opensource/php/php_troubleshooting_faq.html#extauth "Allowing externally authenticated database connections over the web would be a potential security risk for most configurations. Luckily PHP's OCI8 extension will not allow external authentication where the username is "/" and the password an empty string. The call in PHP's oci8.c to Oracle's OCISessionBegin() always sets the credential flag to OCI_CRED_RDBMS. To support operating system authentication the PHP source code would have to be changed to pass Oracle the OCI_CRED_EXT flag when appropriate." ------------------------------------------------------------------------ [2002-11-11 13:08:10] [EMAIL PROTECTED] Oracle does not seem to read user/pass if it is passed to it as the username via OCILogon. When second parameter is an empty strng OCISessionBegin() complains about the "NULL password Given" while if username contains '/' it is 1) unparsed by API, 2) will still leave OCISessionBegin() without a password. I will take a look at it. ------------------------------------------------------------------------ [2002-10-02 08:04:17] jomar at hafro dot is I´m using Apache enviroment : SetEnv ORACLE_HOME /usr/oracle SetEnv ORA_NLS33 /usr/oracle/ocommon/nls/admin/data SetEnv NLS_LANG icelandic_america I also set the tns_names and more env within root enviroment before I execute apachectl start running php as a module. I also compiled Php with Oci8. I´m having trouble with ocilogon function when I use the ocilogon("/","") (default user/nopass,server) If I logon using a valid username and password then it is ok, but when I use this method it returns an ora error : ORA-01005: null password given; logon denied I also have the ora libs and if I use ora_logon("/","") that seems to work. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=19714&edit=1
