The username and password should never be included in the URL. This feature is generally only provided for testing purposes. If the goal is to avoid having users provide connect information, that information can be stored in the formsweb.cfg in the "userid" parameter. This would avoid the values from being displayed on the URL and would avoid users from having to enter any information.
I mean by user my application user and not oracle user!
So I have more than 100 persons who are using the app and each one has his own username and password.
So I have to call my app, whitch startes by sign in screen, whitch it will receive the username and password of each person.
These information are unfortunately showen in the url bar!!!!
how can I hide them?
They are showing in the Address bar because you are putting them in your code that starts the application. Oracle Forms is not doing this. If you don't want the username and password in the URL then remove it. For example, do NOT do this:
Instead, do this:
If the user you pass through the url is not the db-user, why do you have to pass the password at all? Couldn't you just pass the username, butg in an encrypted way (somehow encrypt it in your starting application, and decrypt it on the forms-side afterwards. This way, no one could pass a user "by hand")