Oracle Forms 12.2.1.4.0 - New Security Handling for userid

Posted by Dirk Nachbar on Tuesday, October 01, 2019
In the latest Oracle Forms 12.2.1.4.0 Release, Oracle has implemented a new cool feature for security handling of the userid parameter.

Classically within the formsweb.cfg you are defining your section for your Forms Application, e.g.

#

# The values for userid are provided in cleartext
[demo]
WebUtilArchive=frmwebutil.jar,jacob.jar
WebUtilLogging=off
WebUtilLoggingDetail=normal
WebUtilErrorMode=Alert
WebUtilDispatchMonitorInterval=5
WebUtilTrustInternal=true
WebUtilMaxTransferSize=16384
baseHTML=webutilbase.htm
baseHTMLjpi=webutiljpi.htm
archive=frmall.jar
lookAndFeel=oracle
form=test.fmx
userid=scott/tiger@prod


Now, with Oracle Forms 12.2.1.4.0, after you started the AdminServer of your Oracle Forms & Reports 12.2.1.4.0 environment, the value for the parameter userid will be automatically encrypted.
This is managed via the new parameter forms.userid.encryption.enabled=true for $EXTRA_JAVA_PROPERTIES inside the $DOMAIN_HOME/bin/setDomainEnv.sh script.

After you have started up your AdminServer the value for the parameter userid inside the formsweb.cfg will be encrypted:

#

# After the startup of the AdminServer the value
# for the parameter userid is encrypted
[demo]
WebUtilArchive=frmwebutil.jar,jacob.jar
WebUtilLogging=off
WebUtilLoggingDetail=normal
WebUtilErrorMode=Alert
WebUtilDispatchMonitorInterval=5
WebUtilTrustInternal=true
WebUtilMaxTransferSize=16384
baseHTML=webutilbase.htm
baseHTMLjpi=webutiljpi.htm
archive=frmall.jar
lookAndFeel=oracle
form=test.fmx
userid={AES}E/vW+IIt0wtgdExtevDqrg==



Categories: ,