iSQL*Plus User's Guide and Reference
Part Number A88826-01
Configuring iSQL*Plus, 7 of 8
Each iSQL*Plus log in is uniquely identified, so you can:
iSQL*Plus supports this stateful behavior by storing session context information in the Oracle HTTP Server. You must ensure that your listener always routes HTTP requests to the same server, otherwise the session context will not be found.
However, you may find it useful to start more than one Oracle HTTP Server to distribute user load across the multiple servers.
There are two main areas to consider for security and user authentication when using iSQL*Plus:
In this release of iSQL*Plus, security for the connection between the web browser and the Oracle HTTP Server is provided by standard HTTPS, which is fully supported by Oracle. It enables secure listener connections with an Oracle-provided encryption mechanism via the Secure Sockets Layer (SSL). It can be implemented when installing the Oracle HTTP Server by installing the mod_ssl module. For detailed information about implementing HTTPS security in Oracle, see the Oracle Advanced Security Administrator's Guide.
The Oracle Net connection between the iSQL*Plus module and Oracle9i provides the same security as in previous client-server architectures. For more information about Oracle Net connection security, see the Oracle Net Services Administrator's Guide and the Oracle Advanced Security Administrator's Guide.
There are two modes of access to iSQL*Plus:
When you log in with User privileges, you cannot use the SQL*Plus CONNECT command to reconnect with AS SYSDBA or AS SYSOPER privileges, and therefore cannot perform privileged operations such as shutting down the server. Any attempt to connect with AS SYSDBA or AS SYSOPER privileges from a user session will fail with the error message "SP2-0563: Insufficient privileges".
You may want to limit the users who can access iSQL*Plus. Oracle HTTP Server authentication is required for AS SYSDBA and AS SYSOPER connections, but not for User connections. You can edit the isqlplus.conf file to enable Oracle HTTP Server authentication for User connections by changing the following lines:
<Location /isqlplus>
  SetHandler iplus-handler
  Order deny,allow
  AuthType Basic
  AuthName 'iSQL*Plus'
  AuthUserFile %ORACLE_HOME%\sqlplus\admin\iplus.pw
  Require valid-user
</Location>
In this case, iplus.pw is suggested as the file to contain the Oracle HTTP Server authentication usernames and passwords for User connections. Now, whenever a User connection is requested, users are not only required to enter their Oracle9i username and password, but they are also prompted to enter an Oracle HTTP Server authentication username and password.
To connect with SYSDBA or SYSOPER privileges, your username and password must be added to the iSQL*Plus authentication file for the Oracle HTTP Server. On installation, the authentication file is created with no user entries at %ORACLE_HOME%\sqlplus\admin\iplusdba.pw. The username and password used in the authentication file are independent of the Oracle9i username and password.
If you have enabled Oracle HTTP Server authentication for User connections, you need to create a separate authentication file to contain username/password entries for User level connections. See "Enabling User Security" for information about enabling User level Oracle HTTP Server authentication.
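One way to check that an edited isqlplus.conf really enforces Oracle HTTP Server authentication for User connections, and that it does not reuse the SYSDBA/SYSOPER file iplusdba.pw. This is an added example, not part of the Oracle guide: the function names and the OPEN and REUSED samples are constructed for illustration, and the parser assumes one directive per line.

```python
import re

REQUIRED = ("AuthType", "AuthName", "AuthUserFile", "Require")
DBA_FILE = "iplusdba.pw"  # SYSDBA/SYSOPER password file named on this page

def parse_locations(conf_text):
    """Return {location_path: {directive_lowercase: argument_string}}."""
    blocks, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<Location\s+(\S+?)\s*>$", line, re.I)
        if opened:
            current = blocks.setdefault(opened.group(1), {})
        elif re.match(r"</Location\s*>$", line, re.I):
            current = None
        elif current is not None:
            parts = line.split(None, 1)  # directive name, then its arguments
            current[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return blocks

def audit_user_location(conf_text, location="/isqlplus"):
    """List the reasons `location` does not enforce HTTP Server authentication."""
    block = parse_locations(conf_text).get(location)
    if block is None:
        return [f"no <Location {location}> block found"]
    findings = [f"missing {d}" for d in REQUIRED if d.lower() not in block]
    pw_file = re.split(r"[\\/]", block.get("authuserfile", ""))[-1].strip("'\"")
    if pw_file.lower() == DBA_FILE:
        findings.append(f"AuthUserFile reuses {DBA_FILE}; User logins need their own file")
    return findings

# The block as shown on this page.
HARDENED = r"""
<Location /isqlplus>
  SetHandler iplus-handler
  Order deny,allow
  AuthType Basic
  AuthName 'iSQL*Plus'
  AuthUserFile %ORACLE_HOME%\sqlplus\admin\iplus.pw
  Require valid-user
</Location>
"""
# Constructed samples: no Auth* directives at all, and the DBA file reused.
OPEN = "<Location /isqlplus>\nSetHandler iplus-handler\nOrder deny,allow\n</Location>\n"
REUSED = HARDENED.replace("iplus.pw", "iplusdba.pw")

if __name__ == "__main__":
    for label, conf in (("hardened", HARDENED), ("open", OPEN), ("reused", REUSED)):
        print(label, audit_user_location(conf))
```

An empty list means the User location requires an Oracle HTTP Server login and keeps its credentials in a file separate from iplusdba.pw.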
To create a new user entry in an Oracle HTTP Server authentication file.
For User connections, where iplus.pw has been created as the authentication file, use the form:
In both cases you are prompted for the associated password. For further information about htpasswd, see the Oracle HTTP Server documentation.
To connect to a database instance with SYSDBA or SYSOPER privileges, or as a User with Oracle HTTP Server authentication enabled:
The following notes may assist you in understanding and configuring iSQL*Plus: