I am trying to implement a web application user login system where every user is an Oracle user, so I can avoid having tables containing passwords and what not. In fact, having passwords in a table is not an option, even if they're encrypted. Anyway, I'm trying to set it up so that the login page is under a DAD that logs in as a user with rights to the login package only. Then, once the user has typed in their name and password and submitted, I want to then log them in as their user that has already been created in Oracle.

The first part is easy enough, but I have tried unsuccessfully to find some way to use dynamic sql to change users, such as EXECUTE IMMEDIATE 'CONNECT user/pass@db'; and concatenating the appropriate values, but nothing seems to work.

I'm trying to avoid the basic authentication dialog box, as well as avoiding storing passwords in tables. I have looked into the custom authorization stuff provided by owa_custom, but I can't see any way to implement it with Oracle users. Any help on this would be greatly appreciated. Thanks!

"connect" is a SQL*Plus command and hence cannot be executed dynamically. Other examples would be "show user", "desc table" etc. Only sql commands can be executed using dynamic sql.

But if you have the uid & pwd, can you not connect from your web application to see if the user is a valid database user or not ?

Yeah, that is an option. I'm trying to avoid using JDBC or anything like that. However, if need be, I suppose that is something I can try. If there are any other ways to connect from the app, I would be interested in hearing about them. My experience with web application login systems is extremely limited, so any kind of help is greatly appreciated.