Monday, November 10, 2014

Siebel CRM and URL Based Authentication

Remember this one?

http://myserver/callcenter_enu/start.swe?SWECmd=ExecuteLogin&SWEUserName=NotSADMINPlease&SWEPassword=yourpasswordincleartext

If you - for whatever reason - use URL-based authentication to load Siebel CRM application content in a browser or iframe, then you should strongly consider reading Oracle Support Document 1496603.1 (Removing URL-Based Authentication in Siebel CRM).

In this document, Oracle recommends that customers refrain from using the obviously insecure authentication via clear-text URL arguments (SWEUserName and SWEPassword). As a transitional solution, customers can add the EnableURLCredentials parameter to the eapps.cfg file (and set it to TRUE) to allow URL-based authentication.


However, Oracle plans to remove any support for URL-based authentication (and the aforementioned parameter) "following the release of Innovation Pack 2013".

So with IP 2014 around the corner, it's time to think about alternatives such as Single-Sign-On or Web Services Security.
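One way to find out which integrations still log in through the URL before support is removed: the script below scans web server access log entries for requests that carry SWEPassword in the query string and reports the client, application path and user name, with the password masked. It is an added example, not part of the original post or any Oracle tooling. It assumes NCSA/Apache combined log format, and the function names and sample log entries are made up for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlencode, urlsplit

# Client address and request target of an access-log entry (combined format assumed).
ENTRY_RE = re.compile(r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def find_url_logins(lines):
    """Return one finding per logged request that carries SWEPassword in its URL."""
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        params = parse_qsl(parts.query, keep_blank_values=True)
        # Compare names case-insensitively so differently cased callers are not missed.
        if not any(k.lower() == "swepassword" for k, _ in params):
            continue
        user = next((v for k, v in params if k.lower() == "sweusername"), "")
        # Mask the password so the report does not become another copy of it.
        masked = [(k, "***" if k.lower() == "swepassword" else v) for k, v in params]
        findings.append({
            "client": m["client"],
            "app_path": parts.path,
            "user": user,
            "redacted_url": parts.path + "?" + urlencode(masked, safe="*"),
        })
    return findings

def summarize(findings):
    """Count URL-based logins per (client, application path, user name)."""
    return Counter((f["client"], f["app_path"], f["user"]) for f in findings)

# Constructed sample entries (hosts, users and passwords are made up).
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Nov/2014:09:00:01 +0100] "GET /callcenter_enu/start.swe'
    '?SWECmd=ExecuteLogin&SWEUserName=INTEGRATION1&SWEPassword=example-secret HTTP/1.1" 200 5120',
    '10.0.0.9 - - [10/Nov/2014:09:00:07 +0100] "GET /callcenter_enu/start.swe'
    '?SWECmd=GotoView&SWEView=Home HTTP/1.1" 200 7311',
    '10.0.0.5 - - [10/Nov/2014:09:15:01 +0100] "GET /callcenter_enu/start.swe'
    '?SWECmd=ExecuteLogin&SWEUserName=INTEGRATION1&SWEPassword=example-secret HTTP/1.1" 200 5120',
    '10.0.0.7 - - [10/Nov/2014:09:20:44 +0100] "GET /sales_enu/start.swe'
    '?SWECmd=ExecuteLogin&sweusername=PORTAL&swepassword=another-example HTTP/1.1" 200 4876',
]

if __name__ == "__main__":
    for (client, app_path, user), count in summarize(find_url_logins(SAMPLE_LOG)).items():
        print(f"{count:>3}  {client}  {app_path}  user={user}")
```

Every hit also means the password is sitting in that log file in clear text, so the logs themselves need the same care as the credentials.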

Are you affected by this change? Please share your thoughts in the comments.

Have a nice day

@lex
