Edit report at https://bugs.php.net/bug.php?id=57149&edit=1
ID: 57149 Updated by: s...@php.net Reported by: jkeller at berkeley dot edu Summary: add support for proxy authentication -Status: Feedback +Status: No Feedback Type: Feature/Change Request Package: OCI8 related Operating System: Irrelevant PHP Version: Irrelevant Block user comment: N Private report: N Previous Comments: ------------------------------------------------------------------------ [2011-11-10 00:25:59] s...@php.net >From OCI8 1.4.0 PHP 5.3.1 an end-user identity can be passed into the DB with >the oci_set_client_identifier() function. This values is used for auditing, VPD and monitoring. See http://www.oracle.com/technetwork/articles/dsl/php-web-auditing- 171451.html ------------------------------------------------------------------------ [2009-06-21 21:46:25] amonh at mit dot edu EDIT to remove oci_close_proxy_session line. -- Partial functionality exists. Pre-Test requirements: create user app identified by "ppa"; create user bob identified by "obo"; grant create session to app; grant create sesion to bob; alter user bob connect through app; PHP Test <?php require dirname(__FILE__)."/connect.inc"; $pc = oci_connect("app[bob]", "ppa", $dbase); $stmt = oci_parse($pc, "select user from dual"); oci_execute($stmt); var_dump(oci_fetch_array($stmt, OCI_RETURN_NULLS)); echo "Done\n"; ?> result: array(2) { [0]=> string(3) "BOB" ["USER"]=> string(3) "BOB" } ------------------------------------------------------------------------ [2009-06-21 21:34:53] amonh at mit dot edu Partial functionality exists. Pre-Test requirements: create user app identified by "ppa"; create user bob identified by "obo"; grant create session to app; grant create sesion to bob; alter user bob connect through app; PHP Test <?php require dirname(__FILE__)."/connect.inc"; $pc = oci_connect("app[bob]", "ppa", $dbase); $stmt = oci_parse($pc, "select user from dual"); oci_execute($stmt); var_dump(oci_fetch_array($stmt, OCI_RETURN_NULLS)); $t = oci_close_proxy_session($pc); echo "Done\n"; ?> result: array(2) { [0]=> string(3) "BOB" ["USER"]=> string(3) "BOB" } ------------------------------------------------------------------------ [2009-06-19 10:27:13] amonh at mit dot edu I am a programmer/analyst at MIT and we are requesting this as well. We are currently working on this issue as well. Please let us know if this is on the roadmap and/or if you would accept patches to add this functionality. ------------------------------------------------------------------------ [2006-07-21 18:32:34] jkeller at berkeley dot edu Description: ------------ We would love to be able to use Oracle database "proxy authentication" with the oci8 library. Proxy authentication is supported by Oracle's OCI library. It would allow us to use an external authentication source (LDAP) and then securely pass the user identity to the database (so it is available for things like auditing and "fine-grained access control" at the database level). If it is not difficult to add support for this feature to the PHP oci8 library, we would really appreciate it. ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=57149&edit=1
