This is an update to the section entitled: Using Structures without Two-Factor Authentication
I'm going to give you the quickest path to disabling the 2-factor authentication. This will not remove references to 2-factor authentication from the code, nor will it remove the exchange of authentication codes between the client and server; it's just that, the blank codes will be exchanged and accepted. No codes will be required, and no codes will be sent to mobile devices or e-mail.
Modify the appsec.appsec_public_pkg.p_get_app_conns procedure, commenting the 2-factor authentication code test and distribute lines, as shown below:
--IF( m_two_factor_cd IS NULL )
--THEN
-- m_err_txt := appsec_only_pkg.f_send_2_factor( return_user, m_application_id );
--ELSIF( appsec_only_pkg.f_is_cur_cached_cd(
-- return_user, m_application_id, m_two_factor_cd ) = 'Y' )
--THEN
secret_pass_salt :=
app_sec_pkg.f_get_crypt_secret_salt( ext_modulus, ext_exponent );
secret_pass_count :=
app_sec_pkg.f_get_crypt_secret_count( ext_modulus, ext_exponent );
secret_pass :=
app_sec_pkg.f_get_crypt_secret_pass( ext_modulus, ext_exponent );
secret_pass_algorithm :=
app_sec_pkg.f_get_crypt_secret_algorithm(ext_modulus, ext_exponent);
m_crypt_connections := appsec_only_pkg.f_get_crypt_conns( m_class_instance );
--ELSE
-- -- Wrong 2-Factor code entered
-- RAISE NO_DATA_FOUND;
--END IF;
Make that same change to the appsec.appsec_admin_pkg.p_copy_app_conns procedure.
No comments:
Post a Comment