Hi, My DBA's preferred authentication method is to set up a UNIX user account (i.e. userA) and let them login without using plaintext password authentication, ie. The user has to be logged in, they can then run (for example) sqlplus / and that will log them into the correct database. This is to prevent having to specify a username / password in a PHP script (or a config file that gets loaded). If the username / password is visible in the script, then someone can login and start making manual edits to the data using sql commands. To implement this, I have ensured my apache instance is running as 'userA' and I have tried all sorts of combinations of things username = "" password = "", username = "/" password = "", username="/" password ="/" etc.. to get this working (It works fine from the command line) but the OCILogon function requires a username and a password, so is not happy. One solution to this is that the DBA opens up the DB to plaintext authentication, I store the username / password in a config file with read only permissions (only for the owner, userA), and then only someone who knows userA's password can login and view this config file. But that does not fit in with the way my DBA wants me to authenticate. Has anyone got a solution for this? Regards
