Friday, October 7, 2011

Book Code Corrections

For the VPD functions defined in Chapter 12, the return clause lengths that I defined are insufficient. The return clause for appsec.apps_for_admin is almost 400 characters, so it is fine; but I would increase the definition of rtrn_clause to VARCHAR2(600). In appsec.apps_for_user, the return clause is over 600 characters already, so I would increase the definition of rtrn_clause in that function to VARCHAR2(1000). I like to have room to breath, even if the actual lengths of these return clauses never change.

I will make this correction in the source code in the next update.
Posted by at No comments:

Sunday, October 2, 2011

Updates to Supplement

This is an update to the section entitled: Using Structures without Two-Factor Authentication

I'm going to give you the quickest path to disabling the 2-factor authentication. This will not remove references to 2-factor authentication from the code, nor will it remove the exchange of authentication codes between the client and server; it's just that, the blank codes will be exchanged and accepted. No codes will be required, and no codes will be sent to mobile devices or e-mail.

Modify the appsec.appsec_public_pkg.p_get_app_conns procedure, commenting the 2-factor authentication code test and distribute lines, as shown below:

--IF( m_two_factor_cd IS NULL )
--THEN
-- m_err_txt := appsec_only_pkg.f_send_2_factor( return_user, m_application_id );
--ELSIF( appsec_only_pkg.f_is_cur_cached_cd(
-- return_user, m_application_id, m_two_factor_cd ) = 'Y' )
--THEN
secret_pass_salt :=
app_sec_pkg.f_get_crypt_secret_salt( ext_modulus, ext_exponent );
secret_pass_count :=
app_sec_pkg.f_get_crypt_secret_count( ext_modulus, ext_exponent );
secret_pass :=
app_sec_pkg.f_get_crypt_secret_pass( ext_modulus, ext_exponent );
secret_pass_algorithm :=
app_sec_pkg.f_get_crypt_secret_algorithm(ext_modulus, ext_exponent);
m_crypt_connections := appsec_only_pkg.f_get_crypt_conns( m_class_instance );
--ELSE
-- -- Wrong 2-Factor code entered
-- RAISE NO_DATA_FOUND;
--END IF;

Make that same change to the appsec.appsec_admin_pkg.p_copy_app_conns procedure.

Posted by at No comments:
Subscribe to: Posts (Atom)