![](/user_photo/528_5NJmi.jpg)
- •Contents
- •Send Us Your Comments
- •Preface
- •1 Introduction to iSQL*Plus
- •What is iSQL*Plus?
- •iSQL*Plus Architecture
- •iSQL*Plus User Interface
- •Oracle HTTP Server
- •Oracle9i
- •2 Configuring iSQL*Plus
- •System Requirements
- •Web Browser (client tier)
- •Oracle HTTP Server (middle tier)
- •Oracle9i (database tier)
- •Installation
- •Configuring the Client Tier
- •Adding MIME Types
- •Adding Proxy Server Exceptions
- •Configuring the Middle Tier
- •Configuring the iSQL*Plus Server
- •Defining a Connection Identifier
- •Setting the iSQL*Plus Session TimeOut
- •Changing the Default Cascading Style Sheet
- •Enabling or Disabling iSQL*Plus
- •Configuring the Oracle HTTP Server
- •Testing the Oracle HTTP Server Configuration File
- •Starting and Stopping the Oracle HTTP Server
- •Configuring the Database Tier
- •iSQL*Plus Security
- •Using Administration Privileges
- •Enabling User Security
- •Adding Entries to an Oracle HTTP Server Authentication File
- •Logging In Using Oracle HTTP Server Authentication
- •Security Usage Notes
- •Configuring Globalization Support
- •Web Browser - client tier:
- •Oracle HTTP Server - middle tier:
- •Oracle9i - database tier:
- •3 The iSQL*Plus User Interface
- •The iSQL*Plus Log In Screen
- •Help Icon
- •Username:
- •Password:
- •Connection Identifier:
- •Privilege:
- •Clear
- •The iSQL*Plus Work Screen
- •Password Icon
- •Log Out Icon
- •Help Icon
- •Enter statements:
- •Script location:
- •Browse...
- •Load Script
- •Execute:
- •Output:
- •Clear Screen
- •Save Script
- •The Change Password Screen
- •Help Icon
- •Username:
- •Old password:
- •New password:
- •Retype new password:
- •Change Password
- •Clear
- •Cancel
- •4 Using iSQL*Plus
- •Running iSQL*Plus
- •Entering Statements
- •Loading Scripts
- •Entering Substitution Variables
- •The Define Substitution Variables Screen
- •Password Icon
- •Log Out Icon
- •Help Icon
- •Define Substitution Variables
- •Submit for Execution
- •Cancel
- •Creating Dynamic Reports
- •Using SET and COLUMN Commands
- •Getting Help
- •Exiting iSQL*Plus
- •5 Command Reference
- •SQL*Plus Command Summary
- •@ (“at” sign)
- •@@ (double “at” sign)
- •/ (slash)
- •ARCHIVE LOG
- •ATTRIBUTE
- •BREAK
- •BTITLE
- •CLEAR
- •COLUMN
- •COMPUTE
- •CONNECT
- •COPY
- •DEFINE
- •DESCRIBE
- •DISCONNECT
- •EXECUTE
- •HELP
- •LIST
- •PROMPT
- •RECOVER
- •REMARK
- •REPFOOTER
- •REPHEADER
- •SHOW
- •SHUTDOWN
- •START
- •STARTUP
- •TIMING
- •TTITLE
- •UNDEFINE
- •VARIABLE
- •WHENEVER OSERROR
- •WHENEVER SQLERROR
- •SQL*Plus Error Messages and Codes
- •iSQL*Plus Error Messages
- •COPY Command Messages
- •PRODUCT_USER_PROFILE Table
- •Creating the PUP Table
- •PUP Table Structure
- •Description and Use of PUP Columns
- •PUP Table Administration
- •Disabling SQL*Plus, SQL, and PL/SQL Commands
- •Creating and Controlling Roles
- •Disabling SET ROLE
- •Disabling User Roles
- •Glossary
- •Index
![](/html/528/114/html_2SFiinTS5V.puHk/htmlconvd-TCEHNO30x1.jpg)
Configuring the Database Tier
shortest time. When making changes to configuration files, use the apache -t command to parse the httpd.conf configuration file and report any errors before starting and stopping the Oracle HTTP Server.
To stop and start the Oracle HTTP Server
1.Open a Windows Command Prompt.
2.Change directory to the Oracle HTTP Server home directory by entering: cd %ORACLE_HOME%\Apache\Apache\
3.Stop the running Oracle HTTP Server by entering: apache -k shutdown
4.Start the Oracle HTTP Server by entering apache -k start
Configuring the Database Tier
Oracle9i is installed on the database tier. The database tier may be physically separate from the middle tier and accessed using Oracle Net, or it may be the same physical machine as used by the middle tier. For further information about configuring Oracle9i, see the Oracle9i documentation.
iSQL*Plus Security
Each iSQL*Plus log in is uniquely identified, so you can:
■
■
Connect multiple times from the same machine
Connect multiple times from different machines
iSQL*Plus supports this stateful behavior by storing session context information in the Oracle HTTP Server. You must ensure that your listener always routes HTTP requests to the same server, otherwise the session context will not be found.
However, you may find it useful to start more than one Oracle HTTP Server to distribute user load across the multiple servers.
There are two main areas to consider for security and user authentication when using iSQL*Plus:
■The HTTP protocol connection between the web browser and the Oracle HTTP Server.
2-8 iSQL*Plus User’s Guide and Reference
![](/html/528/114/html_2SFiinTS5V.puHk/htmlconvd-TCEHNO31x1.jpg)
iSQL*Plus Security
■The Oracle Net connection between the iSQL*Plus module (in the Oracle HTTP Server) and Oracle9i.
In this release of iSQL*Plus, security for the connection between the web browser and the Oracle HTTP Server is provided by standard HTTPS, which is fully supported by Oracle. It enables secure listener connections with an Oracle-provided encryption mechanism via the Secure Sockets Layer (SSL). It can be implemented when installing the Oracle HTTP Server by installing the mod_ssl module. For detailed information about implementing HTTPS security in Oracle, see the Oracle Advanced Security Administrator’s Guide.
The Oracle Net connection between the iSQL*Plus module and Oracle9i provides the same security as in previous client server architectures. For more information about Oracle Net connection security, see the Oracle Net Services Administrator’s Guide and the Oracle Advanced Security Administrator’s Guide.
Using Administration Privileges
There are two modes of access to iSQL*Plus:
■
■
Connect as a normal User, the default mode.
Connect with AS SYSDBA or AS SYSOPER privileges.
When you log in with User privileges, you cannot use the SQL*Plus CONNECT command to reconnect with AS SYSDBA or AS SYSOPER privileges, and therefore cannot perform privileged operations such as shutting down the server. Any attempt to connect with AS SYSDBA or AS SYSOPER privileges from a user session will fail with the error message "SP2-0563: Insufficient privileges".
Enabling User Security
You may want to limit the users who can access iSQL*Plus. Oracle HTTP Server authentication is required for AS SYSDBA and AS SYSOPER connections, but not for User connections. You can edit the isqlplus.conf file to enable Oracle HTTP Server authentication for User connections by changing the following lines:
<Location /isqlplus> SetHandler iplus-handler Order deny,allow
Allow from all </Location>
Configuring iSQL*Plus 2-9
![](/html/528/114/html_2SFiinTS5V.puHk/htmlconvd-TCEHNO32x1.jpg)
iSQL*Plus Security
to:
<Location /isqlplus> SetHandler iplus-handler Order deny,allow AuthType Basic
AuthName ’iSQL*Plus’
AuthUserFile %ORACLE_HOME%\sqlplus\admin\iplus.pw Require valid-user
</Location>
In this case, iplus.pw is suggested as the file to contain the Oracle HTTP Server authentication usernames and passwords for User connections. Now, whenever a User connection is requested, users are not only required to enter their Oracle9i username and password, but they are also prompted to enter an Oracle HTTP Server authentication username and password.
Adding Entries to an Oracle HTTP Server Authentication File
To connect with SYSDBA or SYSOPER privileges, your username and password must be added to the iSQL*Plus authentication file for the Oracle HTTP Server. On installation, the authentication file is created with no user entries at %ORACLE_ HOME%\sqlplus\admin\iplusdba.pw. The username and password used in the authentication file is independent of the Oracle9i username and password.
If you have enabled Oracle HTTP Server authentication for User connections, you need to create a separate authentication file to contain username/password entries for User level connections. See "Enabling User Security" for information about enabling User level Oracle HTTP Server authentication.
To create a new user entry in an Oracle HTTP Server authentication file.
1.Log in to the Oracle HTTP Server as the Oracle HTTP Server administrator.
2.Run the htpasswd utility to add users to the authentication file. For AS SYSDBA or AS SYSOPER users, use the form:
htpasswd %ORACLE_HOME%\sqlplus\admin\iplusdba.pw username
For User connections, where iplus.pw has been created as an empty authentication file, use the form:
htpasswd %ORACLE_HOME%\sqlplus\admin\iplus.pw username
In both cases you are prompted for the associated password. For further information about htpasswd, see the Oracle HTTP Server documentation.
2-10 iSQL*Plus User’s Guide and Reference
![](/html/528/114/html_2SFiinTS5V.puHk/htmlconvd-TCEHNO33x1.jpg)
iSQL*Plus Security
Logging In Using Oracle HTTP Server Authentication
To connect to a database instance with SYSDBA or SYSOPER privileges, or as a User with Oracle HTTP Server authentication enabled:
1.Open a browser window and start a new iSQL*Plus session.
2.Enter your Oracle9i username and password.
3.Enter a Connection Identifier for the database connection you want, or leave the Connection Identifier blank to connect to the default database.
4.Select the AS SYSDBA, AS SYSOPER, or User privileges you want for this database connection from the Privileges: dropdown list on the Log In screen.
5.Click Log In. You are prompted to enter your Oracle HTTP Server authentication username and password. The username and password must be a valid entry in the Oracle HTTP Server authentication file. A login screen similar to the following is displayed:
6.Click OK. You are connected to the selected database with the SYSDBA, SYSOPER, or User privileges you requested.
Configuring iSQL*Plus 2-11