Public User - Configuration vs request attribute

ADR 3.0, APEX 5.0.2

Most of our APEX applications have been around since earlier versions, so the application Public User attribute is set to HTMLDB_PUBLIC_USER. The ADR configuration file apex/apex/conf/apex.xml specifies HTMLDB_PUBLIC_USER and the password. But our database audit trail (sys.aud$) shows connections made by APEX_PUBLIC_USER from the server running ADR. I checked, and I see some newer applications with the Public User attribute set to APEX_PUBLIC_USER, but is that what causes the database connections? I thought that all database connections were made under the user name specified in the ADR apex.xml config file. I even blocked the apex_public_user account and the app worked fine.

So who/what connects as apex_public_user, and why? What is the link between the DAD user in apex.xml and the application Public User attribute?

Thank you

Hi VANJ.

Well, the good news is that you have set up the REST users (with the apex_rest_config.sql script) correctly.

Everything works correctly; the following occurs:

  1. To download the static files, in APEX 5 they put in place a mechanism to support relative paths. With ADR, they use the APEX REST web services through the users APEX_LISTENER and APEX_REST_PUBLIC_USER. With mod_plsql they use PlsqlPathAliasProcedure wwv_flow.resolve_friendly_url ( https://docs.oracle.com/cd/E59726_01/install.50/e39144/http_server.htm#HTMIG29263 )
  2. With ADR, the following sequence occurs when you use a static file:
    1. A connection is established using APEX_LISTENER to look up the required RESTful web service definition.
    2. A connection is made using APEX_REST_PUBLIC_USER, with a proxy connect via the user APEX_PUBLIC_USER that happens in the database itself. The apex_public_user session is not connected directly from the outside, but through apex_rest_public_user, and then the identity of the user is enabled.

You can see the definition here:

So what is happening is perfectly normal, and you can even watch behind the scenes.

I created a web service by using the following query:

    -- Show the identities behind the current database session
    select 'AUTHENTICATED_IDENTITY: ' || sys_context('USERENV', 'AUTHENTICATED_IDENTITY'),
           'CURRENT_SCHEMA...: '      || sys_context('USERENV', 'CURRENT_SCHEMA'),
           'CURRENT_SCHEMAID...: '    || sys_context('USERENV', 'CURRENT_SCHEMAID'),
           'ENTERPRISE_IDENTITY...: ' || sys_context('USERENV', 'ENTERPRISE_IDENTITY'),
           'IDENTIFICATION_TYPE...: ' || sys_context('USERENV', 'IDENTIFICATION_TYPE'),
           'OS_USER...: '             || sys_context('USERENV', 'OS_USER'),
           'PROXY_USER...: '          || sys_context('USERENV', 'PROXY_USER'),
           'PROXY_USERID...: '        || sys_context('USERENV', 'PROXY_USERID'),
           'SESSION_USER...: '        || sys_context('USERENV', 'SESSION_USER'),
           'SESSION_USERID...: '      || sys_context('USERENV', 'SESSION_USERID'),
           'SESSIONID...: '           || sys_context('USERENV', 'SESSIONID'),
           'SID...................: ' || sys_context('USERENV', 'SID'),
           user
      from dual

In fact, this will reveal the different identities:

In this example, the user executing the statement is 'TRAINING', but the database user of the proxy connection is "APEX_REST_PUBLIC_USER". This proxy authentication is really cool because it looks like a separate direct connection using the parsing schema... and everything in the context (even select user from dual) works very well. This is different from the way in which APEX implements the parsing schema using dbms_sys_sql.parse_as_user, which sometimes causes headaches.

In any case, everything looks good,

~ Dietmar.
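
To check the same thing from the audit trail the question mentions, the queries below (an added example, not part of the original thread) separate proxied APEX_PUBLIC_USER sessions from direct logons. They assume traditional auditing with AUDIT SESSION enabled and read access to the PROXY_USERS and DBA_AUDIT_TRAIL dictionary views.

```sql
-- Added example, not part of the original thread.

-- 1. Which accounts are allowed to proxy as APEX_PUBLIC_USER?
select proxy, client, authentication
  from proxy_users
 where client = 'APEX_PUBLIC_USER';

-- 2. Classify every audited APEX_PUBLIC_USER session: a proxied session
--    carries the audit session id of the account that opened it.
select c.extended_timestamp,
       c.userhost,
       c.sessionid,
       c.proxy_sessionid,
       (select min(p.username)
          from dba_audit_trail p
         where p.sessionid = c.proxy_sessionid) as proxy_user,
       case
         when c.proxy_sessionid is null then 'DIRECT LOGON'
         else 'PROXY SESSION'
       end as logon_type,
       c.returncode
  from dba_audit_trail c
 where c.username = 'APEX_PUBLIC_USER'
   and c.action_name like 'LOG%'      -- LOGON, LOGOFF, LOGOFF BY CLEANUP
 order by c.extended_timestamp desc;
```

Rows classified as PROXY SESSION with APEX_REST_PUBLIC_USER as proxy_user match the behaviour described in the answer; DIRECT LOGON rows are the ones worth a closer look.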

Tags: Database

Similar Questions

  • What is the "User Configuration" password that is requested after the update?

    OSX makes an update last night (I'm on 10.11.3) and after it reboot it asked me password "User Configuration", see picture below. I am aware that you can just restart workaround - but as we have seen repeatedly in our office now, we would like to know exactly why it's happening.

    Can anyone confirm that this is a bug?

    Just press Command + Option + command + DELETE keys and it will switch to full name of user and password.

  • Error "requested attribute is not valid.

    I'm looking to get a program (and ultimately define) attributes camera with CVI. I can get the values attribute, such as ROI_WIDTH to the imgGetAttribute function, but not all and not that I really need access, which are 'Exposure time' and 'Gain value'. I can see and set the exposure time and acquire the value of the attributes of camera in MAX. However, when I try to use the function imgGetCameraAttributeString in IMAQ for these attributes, I get the error "the requested attribute is not valid. My camera is the Basler acA2040 - 180km. In all other respects - alignment, etc. the camera grabbing interface, works great.

    I don't see what I am doing wrong or miss this piece, but it's obviously something. I took the example of OR 'Attributes analog' as a point of departure, but that generates the same mistakes. How MAX can handle these attributes of the camera, but I can't in CVI? Is there some piece of missing configuration?

    I'm a little new to this environment, but would appreciate a lot of help, someone has.

    Thanks in advance,

    Wayne Showalter

    Hi Wayne,

    IMAQ differentiates in behavior and API between the "IMAQ attributes" (defined by the IMAQ driver) and the "camera attributes" (defined in the camera file). All those with fixed constants (such as ROI_WIDTH) are IMAQ attributes, while those that specifically set something in the camera are camera attributes. You will need to use the Get/SetCameraAttribute API for those. There are different functions for string vs. numeric attributes. I suspect that if you call it with imgSetCameraAttributeNumeric() it will work.

    Eric

  • Display fields in the User Configuration

    Good day to all.

    In the configuration of the interface, we have the user configuration option to define fields that appears when you configure individual users.  When you go to User Configuration and click on a letter/number in the "list users starting with the letter /:" section, is possible to configure the display in the right pane which now shows just

    User Status Group Network access profile

    We do not NAP is a useless field for us.  I want to set it up for one of our pre-defined user configuration fields.

    Thank you

    Dwane

    Dwane,

    This view is not configurable. It may be a feature request.

    Thank you

    ~ JG

    Note the useful messages

  • Why need Session timeout with the public user for public portal?

    Hi all

    I use WebCenter Portal 11.1.1.8 and I found that with the user public space WebCenter show still expire page and redirect them to the login page. I did not understand why Oracle do? If Oracle cannot remove the public user session timeout, but they must not give this event for public user. The end user, they don't care in this respect, it just feel discomfortable.

    I really want a solution for this problem of Oracle. If the session is out of time, they only auto refresh page when the user doing anything on the new page (exp: moving the mouse, the key... event event) and the user will never know on this subject.

    You have an idea about this?

    Thank you!

    Hello.

    The patch just allows you to use the following context-param in the web.xml configuration file:

    <context-param>
         <param-name>oracle.adf.view.rich.sessionHandling.WARNING_BEFORE_TIMEOUT</param-name>
         <param-value>0</param-value>
    </context-param>

    This feature is STANDARD in newer versions.

    It is added to the web.xml of WebCenter Portal (Spaces).

    I recommend that you add it by using the PortalExtension project instead of changing web.xml manually, because manual changes to the web.xml file are lost when you apply patches.

    Managing file web.xml in the WebCenter Portal (previously the WebCenter spaces) | VASSIT | UK

    Kind regards.

  • Problem running the application as a public user process

    Hello

    I proceeded on request PL - SQL that returns data to fill a selection list on the page with optional values. This process is called with a call from the event on a date object. When authenticated, it returns correctly and when it is called as a public user it fails with this in the XML declaration:

    {XML Parsing Error: no element found the location: moz-nullprincipal:{1edfa653-8146-43f8-8ea9-a26d3e29cf8a} line number 1, column 1:

    The call should return this:
    <select>
    14-JUN-12 DSKYSTH
    <option value="Single">Single Rate = $10.00</option>
    </select>
    With the help of this event on the date element:
    onChange="get_AJAX_SELECT_FB(this,'P1_XBASIS');"
    call this code:
    function get_AJAX_SELECT_FB(pThis,pSelect){
        var l_Return = null;
        var l_Select = html_GetElement(pSelect);
        // Call the on-demand application process SetBasis
        var ajaxResult = new htmldb_Get(null,&APP_ID.,'APPLICATION_PROCESS=SetBasis',0);
        ajaxResult.add('P1_ID',$v('P1_TOUR_CODE'));
        ajaxResult.add('P1_XTD',pThis.value);
        gReturn = ajaxResult.get('XML');

        if(gReturn && l_Select){
            var options_Contents = gReturn.getElementsByTagName("option");
            l_Count = options_Contents.length;

            // Empty the select list, then refill it from the returned XML
            l_Select.length = 0;
            for(var i=0; i<l_Count; i++){
                var l_Opt_Xml = gReturn.getElementsByTagName("option")[i];
                appendToSelect(l_Select, l_Opt_Xml.getAttribute('value'), l_Opt_Xml.firstChild.nodeValue);
            }
        }
        ajaxResult = null;
    }

    function appendToSelect(pSelect, pValue, pContent) {
        var l_Opt = document.createElement("option");
        l_Opt.value = pValue;
        if(document.all){
            // Old Internet Explorer
            pSelect.options.add(l_Opt);
            l_Opt.innerText = pContent;
        }else{
            l_Opt.appendChild(document.createTextNode(pContent));
            pSelect.appendChild(l_Opt);
        }
    }
    When inspecting with Firebug I can only see a difference in the request headers between the public user and authenticated user where the cookie value is -1 on the public user.
    
    Public User:

    Accept     text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Encoding     gzip, deflate
    Accept-Language     en-us,en;q=0.5
    Connection     keep-alive
    Content-Length     181
    Content-Type     application/x-www-form-urlencoded; charset=UTF-8
    Cookie     LOGIN_USERNAME_COOKIE=roger; WWV_PUBLIC_SESSION_129=5245818196882971; ORA_WWV_REMEMBER_UN=ROGER:PTX-DEV; ORA_WWV_USER=A29423F6BE2220D0; WWV_CUSTOM-F_969127929331871_129=-1
    Host     horta.prot.com.au:8080
    Referer     http://horta.prot.com.au:8080/apex/f?p=129:1:547226222832513
    User-Agent     Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0

    Authenticated user:

    Accept     text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Encoding     gzip, deflate
    Accept-Language     en-us,en;q=0.5
    Connection     keep-alive
    Content-Length     182
    Content-Type     application/x-www-form-urlencoded; charset=UTF-8
    Cookie     LOGIN_USERNAME_COOKIE=roger; ORA_WWV_REMEMBER_UN=ROGER:PTX-DEV; ORA_WWV_USER=A29423F6BE2220D0; WWV_CUSTOM-F_969127929331871_129=A29423F6BE2220D0
    Host     horta.prot.com.au:8080
    Referer     http://horta.prot.com.au:8080/apex/f?p=129:1:1687129548869672:GET_TYPE:NO::P1_SEARCH_CAT,P1_XTD,P1_ADULT,P1_SEARCH_CODE:CABLE,,,
    User-Agent     Mozilla/5.0 (Windows NT 5.1; rv:13.0) Gecko/20100101 Firefox/13.0
    
    It's probably something stupid that I'm doing, and I hope someone can help.

    Roger

    user4101020 wrote:
    Thank you, but my browser crashed and ended up with a double... I see that now, but the question remains unanswered.

    Close this message and wait for one response on the other.

  • Error file is moved or deleted, cannot access the files on the public user profile

    Original title; Public user file was deleted passage o

    I can't access files stored on the users of public folder, I get the message that the file has been deleted or moved

    Hello

    1 are logged as administrator?

    2 have you logged on a domain?

    3 did you a recent software or changes to the material on the computer?

    I suggest you to go through the steps mentioned in the link and the Coachman.

    "Network or file permission" or "the folder does not exist" error

    http://support.Microsoft.com/kb/934160

    See also:

    Sharing files with the Public folder

    http://Windows.Microsoft.com/en-us/Windows-Vista/sharing-files-with-the-public-folder#section_1

    File sharing essentials

    http://Windows.Microsoft.com/en-us/Windows-Vista/file-sharing-essentials

  • PC DM files: my hard drive is currently filled by PC DM files in my folder/Public user folder. How can I safely remove the right files in this folder?

    My hard drive is currently filled by PC DM files in my folder/Public user folder.  How can I safely remove the right files in this folder?  Vista Home Premium 64 bit is my os.

    Hi templar_39,

    DM (Message Delivery) file types are not Windows files, they can be generated by a third-party program.

    This particular file type is often associated with audio data and can be hosted on some cell phones to be used as ringtones or multimedia clips. To my knowledge, these files can be generated by your mobile phone.

    Note: you can go ahead and remove these files only if you notice that the files do not contain any important information.

    If this happens without connect you all devices (like mobile PHONES), this may be a virus or malware activity. You can run a virus scan to get rid of them

    Step 1: A scanner online for any threat and try to correct

    http://OneCare.live.com/site/en-us/Center/cleanup.htm

    Thank you, and in what concerns:

    Ajay K

    Microsoft Answers Support Engineer

    Visit our Microsoft answers feedback Forum and let us know what you think.

  • ACS > User Configuration

    When the user authenticates in ACS v3.3, a profile is created and stored under the User Configuration. When employees leave the company, to delete this profile. We use the external database which is Active Directory.

    Questions

    (1) if the Active Directory account is disabled, the user will be able to connect because the identification information is recorded in the ACS?

    (2) is there a way to expire these credentials as in 24 or 48 hours?

    In ACS3.3, you can expire the account also if the account is disabled and that the user put in cache in ACS points to the database of windows for authentication, in that it should not allow the user.

    Here is where you can set how long the account is active for:

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_windows/3.3/user/guide/u.html#wp273167

    Thank you

    Tarik

  • Public users, creation of accounts

    I am developing a mobile application on Apex 5.0 and I want public users who visit my application developed for the first time be able to create an account. They would have no back end privileges, just to be able to use the application. Users will need to create an account by providing the user name and password, and then clicking "create." How do I do this?

    Thank you

    JIT

    ReemaPuri wrote:

    You can check the application

    https://Apex.Oracle.com/pls/Apex/f?p=14652:1:16799248570102:

    Yes, please do. It is a very good example of how not to implement the specification.

    DB objects:

    CREATE TABLE  "USER_REGISTRATION"
      ( "USERID" NUMBER(*,0),
      "USERNAME" VARCHAR2(30),
      "PASSWORD" VARCHAR2(20),
      "REPASSWORD" VARCHAR2(20),
      "TOKENID" VARCHAR2(20),
      "EMAILID" VARCHAR2(50),
      "USERTYPE" VARCHAR2(20),
      "ACTIVE" VARCHAR2(20),
      "QUESTION" VARCHAR2(256),
      "ANSWER" VARCHAR2(256),
      PRIMARY KEY ("USERID")
      USING INDEX  ENABLE
      )
    /
    
    CREATE OR REPLACE TRIGGER  "TRG_USER_REGISTRATION"
    BEFORE INSERT ON    USER_REGISTRATION
    FOR EACH ROW
    BEGIN
      SELECT SEQ_USER_REGISTRATION.NEXTVAL INTO :NEW.USERID FROM DUAL;
    END;
    /
    
    ALTER TRIGGER  "TRG_USER_REGISTRATION" ENABLE
    /
    

    Process page:

    declare
    var_id number;
    begin
    select max(userid)+1  into var_id from user_registration ;
    insert into USER_REGISTRATION values(:var_id,:P5_USER_NAME,:P5_PASSWORD,:P5_RE_PASSWORD,:P5_TOKEN_ID,:P5_EMAIL_ID,NULL,NULL,:P5_QUESTION,:P5_ANSWER);
    end;
    

    At first glance, it was line 4 of the page process that caught my attention, but on reviewing the whole of the code it turns out not to be the obvious bug usually represented by this particular anti-pattern (it is left as an exercise for the reader to understand why...)

    However, that is irrelevant, as the really criminal issues are that there is no unique constraint on the user name or e-mail address, and passwords, tokens, and responses are stored in clear text. Ouch.
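
    For contrast with the table criticised above, here is an added example (not code from the thread) that enforces uniqueness and stores only a salted, iterated password hash. APP_USERS and APP_AUTH are hypothetical names, PBKDF2-HMAC-SHA256 is a choice made for this example rather than anything the thread names, and the code assumes Oracle 12c or later with EXECUTE on DBMS_CRYPTO.

```sql
-- Added example, not code from the thread. APP_USERS and APP_AUTH are
-- hypothetical names; assumes Oracle 12c+ and EXECUTE on DBMS_CRYPTO.
create table app_users (
  userid    number generated always as identity primary key,
  username  varchar2(30)  not null,
  email     varchar2(254) not null,
  pwd_salt  raw(16)       not null,
  pwd_iter  number        not null,
  pwd_hash  raw(32)       not null,
  -- Values are normalised before insert, so the unique constraints also
  -- reject names that differ only in case.
  constraint app_users_username_uk unique (username),
  constraint app_users_email_uk    unique (email),
  constraint app_users_username_ck check (username = upper(username)),
  constraint app_users_email_ck    check (email = lower(email))
)
/

create or replace package app_auth as
  procedure register (p_username in varchar2, p_email in varchar2, p_password in varchar2);
  function  verify   (p_username in varchar2, p_password in varchar2) return boolean;
end app_auth;
/

create or replace package body app_auth as
  c_iterations constant pls_integer := 100000;  -- assumed work factor, tune per server

  -- PBKDF2-HMAC-SHA256, first 32-byte block only (RFC 8018 with dkLen = hLen).
  function derive (p_password in varchar2, p_salt in raw, p_iter in pls_integer) return raw is
    l_key raw(32767) := utl_i18n.string_to_raw(p_password, 'AL32UTF8');
    l_u   raw(32);
    l_t   raw(32);
  begin
    -- U1 = HMAC(password, salt || INT(1)); each later round feeds on the previous one
    l_u := dbms_crypto.mac(utl_raw.concat(p_salt, hextoraw('00000001')),
                           dbms_crypto.hmac_sh256, l_key);
    l_t := l_u;
    for i in 2 .. p_iter loop
      l_u := dbms_crypto.mac(l_u, dbms_crypto.hmac_sh256, l_key);
      l_t := utl_raw.bit_xor(l_t, l_u);
    end loop;
    return l_t;
  end derive;

  procedure register (p_username in varchar2, p_email in varchar2, p_password in varchar2) is
    l_salt raw(16) := dbms_crypto.randombytes(16);  -- fresh random salt per user
    l_hash raw(32);
  begin
    if p_password is null then
      raise_application_error(-20001, 'Password must not be empty');
    end if;
    l_hash := derive(p_password, l_salt, c_iterations);
    insert into app_users (username, email, pwd_salt, pwd_iter, pwd_hash)
    values (upper(trim(p_username)), lower(trim(p_email)), l_salt, c_iterations, l_hash);
  exception
    when dup_val_on_index then
      raise_application_error(-20002, 'User name or e-mail address is already registered');
  end register;

  function verify (p_username in varchar2, p_password in varchar2) return boolean is
    l_salt app_users.pwd_salt%type;
    l_iter app_users.pwd_iter%type;
    l_hash app_users.pwd_hash%type;
  begin
    if p_password is null then
      return false;
    end if;
    select pwd_salt, pwd_iter, pwd_hash
      into l_salt, l_iter, l_hash
      from app_users
     where username = upper(trim(p_username));
    -- Re-derive with the stored salt and iteration count, then compare
    return derive(p_password, l_salt, l_iter) = l_hash;
  exception
    when no_data_found then
      return false;
  end verify;
end app_auth;
/
```

    APP_AUTH.VERIFY takes (p_username, p_password) and returns a boolean, which is the shape an APEX custom authentication scheme function expects.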

  • APEX security with public users problem

    Hi guys,.

    I'm under Apex 3.2.1 and Oracle 10 g on a server which is protected (Web DMZ). Access to the Intranet is secured by a firewall. However, this is only for my internal users. What recommendations can you make on the Web Public users who go to APEX via regular HTTP? Secure HTTPS is and what other ways are there to secure my application?

    Thank you
    Mauricio

    You gave me a great idea... someone needs to write a book of Security Oracle tracing how these concepts are applied to daily applications, including 2 chapters on APEX ;)

    Do you have internal and external users on the same APEX instance?

    It is a long subject (I wrote about 100 pages on this subject), but I'll give it a try in a few bullet points:

    • Equip your DMZ with firewall rules to limit traffic from the rest of the world to the OHS to only http and https (ports 80 and 443); nothing else gets in. Use firewall rules so that the only system the OHS can call is your database, and only on port 1521 (or whatever port your listener is on).
    • Make sure that all the security patches are applied to the OS and the OHS, because it is a prime target. This should be a single-purpose machine with nothing else on it. Each additional piece of software or service is a potential attack vector. My personal preference is a variant of Unix for internet-facing servers, NOT Windows or Linux servers.
    • If possible, run all the internet applications in one database and all the intranet applications in another db. So you have one system for external users and one for internal users. It's so much easier to protect this way. Be careful with database links, as you could end up linking these systems and gain very little.

    The list is long, but I'm still not clear on the big picture.

    Tyler Muth
    http://tylermuth.WordPress.com
    [Oracle security application: development of secure database and Middleware environments | http://sn.im/aos.book]

  • MT42: HP Easy Shell - allow user configuration changes

    Hello

    We use HPDM to capture and deploy images of Thin Clients HP MT42 Mobile with Windows Embedded 7 HP easy set up shell. The enhanced write filter is configured, so no user changes cannot be saved.

    This works very well for us, but now we want to allow users to keep their wireless settings.

    We allow them to configure wireless networks, but of course, these changes are lost after each reboot.

    I know that you can work with the exclusions in the write filter, but I can see this goes only for files and folders.

    How can we ensure that these changes made by users wireless are persistent?

    For UWF, please follow the steps below.

    1. Add the following path in the file Exclusion list
      C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\
    2. Add the registry path in registry Exclusion list
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WlanSvc\Interfaces

    For FBWF, please follow the steps below.

    1. Add the following path in the file Exclusion list
      C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\
    2. Disable FBWF and create a .reg file with the following content:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RegFilter\Parameters\MonitoredKeys\5]
    "ClassKey"="HKLM"
    "FileNameForSaving"="_Wifi.RGF"
    "RelativeKeyName"="Software\\Microsoft\\WlanSvc\\Interfaces"

  • Power as an XP user configuration

    Hello!

    I would like to change my configuration of power under XP Pro SP2 as a normal user without administrator rights. Of course, I have to use the tool, but this works only in administrator accounts.

    Any ideas?

    See you soon

    Lutz

    Hello

    Well, in my opinion you can t he change without administrator rights. In this case, your user accounts have rights.
    As far as I know the user with the admin (Administrator) rights must log on to your device. Then, you choose the power saver properties. There is a Security tab.
    The option control must be marked to allow under your username.

    Good bye

  • Win 7 Pro - make a name of user and password request when accessing to the server computer in the workgroup. Credentials, then considered non valid.

    Recently bought a Dell Dimension 3847 with Windows 7 Pro to replace a workstation that is connected to a network that uses Windows Server 2003. I already set up two other PC's (not same model) with Win 7 Pro, for existing users and had no problems whatsoever. The user of this workstation is an existing one (implemented as an administrator).  I've set up his account and she joined the working group. The other computers in the workgroup are listed under network location. However, when I tried to access the server computer in the Working Group, I got a pop-up window asking for a username and password. This would not have taken place. However, I entered the username and password for that particular user and received a message that the user name and password were not valid. I set up my user account (it has administrative privileges too), on this computer, joined the Working Group, Windows recognizes the other computers in the workgroup, but when I tried to access the server computer I got the same pop-up and had the same problem with my credentials not being recognized. While remaining under my user name, I tried and then access the server computer again but when I arrived at the prompt for the user name and password, I used the 'Administrator' user name with the appropriate password (the credentials used to connect to the server computer) and it worked. I registered to the account of the other user and used the same method to access the server and it worked as well. Any ideas why the user credentials, other than the administrator account, are not recognized?

    Hello

    Sorry for the late reply.

    This problem is better suited in the TechNet forum where we have experts working on the same topic.

    Please post your request in the below link:

    https://social.technet.Microsoft.com/forums/en-us/home

    I hope this information helps, get back to us if you need help with Windows.

    Thank you.

  • Duration of lock FireSIGHT/SourceFire user configuration?

    Hi all

    I've been searching in the documentation for 5.3 and 5.4, and I don't find no information for what the account lockout duration is for when a user does not have the number of logins set to the value of maximum number of connections has failed in a user account. Is there an official documentation anywhere for this (and where to check or raw balls does show a lock-out)? I have a client through a PCI DSS audit and the auditor is demanding this information. Either way, it seems that the default Administrator account cannot be disabled (the Setup Guide explains he cannot be deleted, but can it be disabled via the CLI)?

    Appreciate any help you can provide.

    Thank you

    Richard

    Hello Richard,.

    External authentication would be the only way to get the limit past reuse.

    To get locked, you must enable STIG this will allow locking of accounts, other than that there no way to do it without STIG.

    I'll open a bug in development of your request to add this feature in the road map.

    Assess and correct if my message will help.

    Concerning

    Jetsy
