My company is in the middle of migrating their old application (perl) into their new application (oracle apex). We currently have all of our internal processes up and running on oracle apex, while all of our merchants still use the old application. I'm creating the merchant setup in apex (our support users set up merchant accounts for them), in which part of this setup I need to create the logins for the merchant to use. The problem is that our old application used the perl crypt function to hash our merchants passwords, so my custom hash in apex does not match the same digest thus not allowing the merchants to sign in. I'm wondering if I have the code to create the exact same salt as the old application, can oracle's DBMS_CRYPTO replicate the exact same hash as the perl crypt function? $cpw = crypt ($pw, $salt);
Update Sep 09 2022: To avoid a scheduled maintenance and having to import jars into the db, i'm looking into an alternative solution that involves taking the password hashing code out of the original application and re-creating it in it's own cgi file. Then using apex_web_service.make_rest_request to POST our user's password and have the script that contains the crypt() function handle hashing of the password.
If you have Java enabled in the database then you may be able to (untested):
Use the loadjava utility to import the apache.commons.codec library which contains the org.apache.commons.codec.digest.Crypt class.
Create a PL/SQL function to wrap the Java method:
CREATE OR REPLACE FUNCTION CRYPT(
i_key IN VARCHAR2,
i_salt IN VARCHAR2
) RETURN VARCHAR2
AS LANGUAGE JAVA
NAME 'org.apache.commons.codec.digest.Crypt.crypt(java.lang.String, java.lang.String) return java.lang.String';
/
Then you can call that function and compare it to Perl.
Related
We have an Apex application (version 20.1) and our users must be able to change the database schema at runtime via button click (preferably without logging in again).
Currently we are solving this by installing our application multiple times, once per schema.
We recently discovered the function apex_export.get_application. We intend to use this function to bring our frontend under version control (finally!). We would like to deploy our application directly from the exported files. Having a single application, we would not have to mess with the internal component ids from the exported files.
Is it possible to install the application once and change the default schema via Pl/SQL code? Thank you!
I don't think this can be done, but perhaps the following is a reasonable compromise
add all the schemas you need to support to the workspace schema list
Any SQL (and I do mean any) in your app would be prefixed with an application item, eg
Before: select * from my_table
After: select * from &my_schema..my_table
At login time (or when a user selects it) you modify the MY_SCHEMA application item
(I've not tried this...so test/tread carefully)
I attempted to create a workspace in APEX using an existing schema called PEOPLE and it gave the error message "The schema is reserved or restricted". I tried with other existing schemas that I created and they all worked fine.
Technical/Environment details follow:
Database: Oracle 19c EE installed on local machine.
Apex: 19.2 installed as Embedded Gateway on local machine.
Created pluggable database called PDB1.
Created tablespace PEOPLE_TAB using OMF (Oracle Managed Files) syntax.
Created local user PEOPLE in PDB1.
Gave PEOPLE the following roles and privs (I'm aware some are doubled up like RESOURCE role and CREATE SESSION priv):
RESOURCE
UNLIMITED TABLESPACE
SELECT_CATALOG_ROLE
CREATE SESSION
CREATE TABLE
CREATE TYPE
CREATE CLUSTER
CREATE TRIGGER
CREATE PROCEDURE
CREATE SEQUENCE
CREATE VIEW
CREATE DIMENSION
CREATE JOB
CREATE SYNONYM
CREATE DIMENSION
CREATE MATERIALIZED VIEW
I created another user TEST1 in the same tablespace PEOPLE_TAB, with the same privs as PEOPLE and re-created the objects and data. I could successfully create a workspace using this new schema!
Trawled the web, but most articles and posts refer to older versions of APEX, but I still tried the following.
I followed the advice given in the Oracle docs, Application Express Release 19.2 Adminstration Guide section 2.13
The APEX engine schema for APEX 19.2 is APEX_190200. So I unlocked APEX_190200 and logged in (after changing password) to run the checks.
-- Checked if PEOPLE was a restricted schema
SELECT schema FROM APEX_190200.wwv_flow_restricted_schemas order by schema;
PEOPLE is not listed and I assume is not restricted. So I tried to unrestrict PEOPLE anyway as detailed in the docs.
-- ran from APEX_190200
EXEC APEX_INSTANCE_ADMIN.UNRESTRICT_SCHEMA(p_schema => 'PEOPLE');
COMMIT;
Successfully ran but did not resolve the issue.
Looking on the web most of the info was out of date but tried anyway.
-- ran from APEX_190200
EXEC APEX_SITE_ADMIN_PRIVS.UNRESTRICT_SCHEMA(p_schema => 'PEOPLE');
COMMIT;
The above did not run and complained the package didn't exist. I verified that when looking for APEX_SITE_ADMIN_PRIVS in user_objects - it was not there.
Some years ago there was a bug with the function wwv_flow_provision.IS_RESERVED, but I checked this and it ran ok returning FALSE for PEOPLE and TRUE for reserved words like VARCHAR.
It's really thrown me when I can create an identical user (different name) with identical privs, objects and data was created on the same tablespace and it worked fine with an APEX workspace.
Does anyone have any experience of resolving this issue or point me in the right direction?
Thank you.
You are receiving the error because PEOPLE is specified as a restricted schema with an APEX package.
In the installation scripts for APEX 19.2, the file named f4050.sql has a page validation on page 79 (the page that is raising the error) that looks like this:
...
...
...
wwv_flow_api.create_page_validation(
p_id=>wwv_flow_api.id(114752711027135415)
,p_validation_name=>'schema not reserved/restricted'
,p_validation_sequence=>80
,p_validation=>wwv_flow_string.join(wwv_flow_t_varchar2(
'wwv_flow_provision.schema_name_valid(',
' p_schema => :F4050_P79_SCHEMA,',
' p_workspace_name => :F4050_P27_COMPANY);'))
,p_validation_type=>'PLSQL_EXPRESSION'
,p_error_message=>'Schema is reserved or restricted'
,p_when_button_pressed=>wwv_flow_api.id(12559200978895311)
,p_error_display_location=>'INLINE_WITH_FIELD_AND_NOTIFICATION'
);
...
...
...
Then using a procedure block like this, you can determine if the schema name is valid or not:
BEGIN
IF apex_190200.wwv_flow_provision.schema_name_valid (p_schema => 'PEOPLE',
p_workspace_name => 'PEOPLE')
THEN
DBMS_OUTPUT.put_line ('Valid');
ELSE
DBMS_OUTPUT.put_line ('Invalid');
END IF;
END;
/
Then by unwrapping the code in those packages (tools can be easily found online). Within that code, there is a call to another function named WWV_FLOW_PROVISIONING.RESERVED_SCHEMA (P_SCHEMA => P_SCHEMA). Within that function, there is code that looks like this:
IF C_SCHEMA IN (
'HTMLDB_PUBLIC_USER',
'APEX_PUBLIC_USER',
'PUBLIC_USER',
'FLOWS_FILES',
'SCHEDULER',
'PEOPLE') THEN
RETURN TRUE;
END IF;
So without modifying the package WWV_FLOW_PROVISIONING (which I would highly recommend AGAINST), you will not be able to create an APEX workspace with the schema name PEOPLE. This will need to be fixed by Oracle either through a patch to the package or in a newer version of APEX.
Fascinating issue. The restricted schema is hard-coded in APEX provisioning code. It's very much a legacy issue.
We can attempt to fix this in the next release of APEX, but that won't help you now. If you file a Service Request for Oracle Support, I'll make sure you get a fix for this issue (assuming you're using a supported version of APEX).
I need to ecrypt PDF file with password in Oracle Database 12c.
I have PDFs in BLOB column in database and I want to write function that returns BLOB which contains encrypted PDF.
Then if I save that pdf to disk and open it with Acrobat Reader I want to be prompt for password.
In most simple scenerio (which will be fine for now) I need something like this:
FUNCTION Encrypt_Pdf(
pdf_ IN BLOB,
password_ IN VARCHAR2
) RETURN BLOB
IS
encrypted_pdf_ BLOB;
BEGIN
-- do something with pdf_ to encrypt it with password_
RETURN encrypted_pdf_;
END Encrypt_Pdf;
I've looked for some free packages but I found only pl/pdf which is commercial :( other free solutions for PDFs in PL/SQL dont provide encryption (as_pdf3, pl_fpdf).
Do you have any idea how to do that?
Thanks
So I’ve found solution. I’ve loaded java library iText into database and wrote java package which encrypt and returns pdf as oracle.sql.BLOB then I’ve called it from plsql and it worked well.
I am using CR 2008. That version allows the use dynamic parameters instead of static parameter. Using that type of parameter will direct CR to go inside the table/view and display what is resided inside the database for us to select the data/information for filtering. That is nice and convenient feature but each time I run the report, I was prompted with server name, user name and password. The user name is the name of the schema and its related password. Those credentials are not supposed to be disclosed to users.
Have anyone come across the same issue and how do you stop CR report from asking for these credentials? It did not ask when I switch to static parameters... the prompt only shows up when dynamic parameters are used.
Thanks!
I finally found a way to get around this issue. In my Crystal report, I used SQL statement in the command for easy future maintenance. I think using command triggers the prompt for user name and password when dynamic parameters is used. I switched to use views for my reports and CR stopped asking me for the credentials. I still favor using commands instead of views though and still curious if there is a way to stop CR from prompting for credential in dynamic parameters when command is used.
Are facing this issue in CR tool or in any other environment which is used to view the report.
I'm still a novice at QTP (still learning even the GUI) and I need to write this VB script under it:
Write a QTP script that:
Browse to Yahoo mailbox
Perform registration process to Yahoo if this is a new user
Perform log in to yahoo mailbox if it is existing user
Send new mail to valid Mailbox
Use English version for the yahoo mailbox.
Use only one action and Implement the code with public sub
procedure and unique Data table
for the test (don't use default
QTP Data table)
Any directions and/or suggestions will be gladley accepted.
Thanks
Well simple Record action did the trick, but there is no use of public sub procedure and unique Data table.
Is that called a valid test ? Is the only VBS code of this action is the code in the Expert view ?
THNX