Configuring the Database Tier
shortest time. When making changes to configuration files, use the apache -t command to parse the httpd.conf configuration file and report any errors before starting and stopping the Oracle HTTP Server.
To stop and start the Oracle HTTP Server
1.Open a Windows Command Prompt.
2.Change directory to the Oracle HTTP Server home directory by entering: cd %ORACLE_HOME%\Apache\Apache\
3.Stop the running Oracle HTTP Server by entering: apache -k shutdown
4.Start the Oracle HTTP Server by entering apache -k start
Configuring the Database Tier
Oracle9i is installed on the database tier. The database tier may be physically separate from the middle tier and accessed using Oracle Net, or it may be the same physical machine as used by the middle tier. For further information about configuring Oracle9i, see the Oracle9i documentation.
iSQL*Plus Security
Each iSQL*Plus log in is uniquely identified, so you can:
■
■
Connect multiple times from the same machine
Connect multiple times from different machines
iSQL*Plus supports this stateful behavior by storing session context information in the Oracle HTTP Server. You must ensure that your listener always routes HTTP requests to the same server, otherwise the session context will not be found.
However, you may find it useful to start more than one Oracle HTTP Server to distribute user load across the multiple servers.
There are two main areas to consider for security and user authentication when using iSQL*Plus:
■The HTTP protocol connection between the web browser and the Oracle HTTP Server.
2-8 iSQL*Plus User’s Guide and Reference
iSQL*Plus Security
■The Oracle Net connection between the iSQL*Plus module (in the Oracle HTTP Server) and Oracle9i.
In this release of iSQL*Plus, security for the connection between the web browser and the Oracle HTTP Server is provided by standard HTTPS, which is fully supported by Oracle. It enables secure listener connections with an Oracle-provided encryption mechanism via the Secure Sockets Layer (SSL). It can be implemented when installing the Oracle HTTP Server by installing the mod_ssl module. For detailed information about implementing HTTPS security in Oracle, see the Oracle Advanced Security Administrator’s Guide.
The Oracle Net connection between the iSQL*Plus module and Oracle9i provides the same security as in previous client server architectures. For more information about Oracle Net connection security, see the Oracle Net Services Administrator’s Guide and the Oracle Advanced Security Administrator’s Guide.
Using Administration Privileges
There are two modes of access to iSQL*Plus:
■
■
Connect as a normal User, the default mode.
Connect with AS SYSDBA or AS SYSOPER privileges.
When you log in with User privileges, you cannot use the SQL*Plus CONNECT command to reconnect with AS SYSDBA or AS SYSOPER privileges, and therefore cannot perform privileged operations such as shutting down the server. Any attempt to connect with AS SYSDBA or AS SYSOPER privileges from a user session will fail with the error message "SP2-0563: Insufficient privileges".
Enabling User Security
You may want to limit the users who can access iSQL*Plus. Oracle HTTP Server authentication is required for AS SYSDBA and AS SYSOPER connections, but not for User connections. You can edit the isqlplus.conf file to enable Oracle HTTP Server authentication for User connections by changing the following lines:
<Location /isqlplus> SetHandler iplus-handler Order deny,allow
Allow from all </Location>
Configuring iSQL*Plus 2-9
iSQL*Plus Security
to:
<Location /isqlplus> SetHandler iplus-handler Order deny,allow AuthType Basic
AuthName ’iSQL*Plus’
AuthUserFile %ORACLE_HOME%\sqlplus\admin\iplus.pw Require valid-user
</Location>
In this case, iplus.pw is suggested as the file to contain the Oracle HTTP Server authentication usernames and passwords for User connections. Now, whenever a User connection is requested, users are not only required to enter their Oracle9i username and password, but they are also prompted to enter an Oracle HTTP Server authentication username and password.
Adding Entries to an Oracle HTTP Server Authentication File
To connect with SYSDBA or SYSOPER privileges, your username and password must be added to the iSQL*Plus authentication file for the Oracle HTTP Server. On installation, the authentication file is created with no user entries at %ORACLE_ HOME%\sqlplus\admin\iplusdba.pw. The username and password used in the authentication file is independent of the Oracle9i username and password.
If you have enabled Oracle HTTP Server authentication for User connections, you need to create a separate authentication file to contain username/password entries for User level connections. See "Enabling User Security" for information about enabling User level Oracle HTTP Server authentication.
To create a new user entry in an Oracle HTTP Server authentication file.
1.Log in to the Oracle HTTP Server as the Oracle HTTP Server administrator.
2.Run the htpasswd utility to add users to the authentication file. For AS SYSDBA or AS SYSOPER users, use the form:
htpasswd %ORACLE_HOME%\sqlplus\admin\iplusdba.pw username
For User connections, where iplus.pw has been created as an empty authentication file, use the form:
htpasswd %ORACLE_HOME%\sqlplus\admin\iplus.pw username
In both cases you are prompted for the associated password. For further information about htpasswd, see the Oracle HTTP Server documentation.
2-10 iSQL*Plus User’s Guide and Reference
iSQL*Plus Security
Logging In Using Oracle HTTP Server Authentication
To connect to a database instance with SYSDBA or SYSOPER privileges, or as a User with Oracle HTTP Server authentication enabled:
1.Open a browser window and start a new iSQL*Plus session.
2.Enter your Oracle9i username and password.
3.Enter a Connection Identifier for the database connection you want, or leave the Connection Identifier blank to connect to the default database.
4.Select the AS SYSDBA, AS SYSOPER, or User privileges you want for this database connection from the Privileges: dropdown list on the Log In screen.
5.Click Log In. You are prompted to enter your Oracle HTTP Server authentication username and password. The username and password must be a valid entry in the Oracle HTTP Server authentication file. A login screen similar to the following is displayed:
6.Click OK. You are connected to the selected database with the SYSDBA, SYSOPER, or User privileges you requested.
Configuring iSQL*Plus 2-11