I think most applications need some preconfigured data to start up. In our
application we need at least one user, one system language, one country, one
currency, ... So we supply a "demo database" (simply created using SQL)
which is installed and later modified by the end users to their needs.

And I think having a piece of code to create users or anything else
without authentication may lead to a security problem.

Greetings,
Andreas Maschke

----- Original Message -----
From: "David M. Karr" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 20, 2001 2:58 AM
Subject: Strategies for creating first user


> In most web applications, a user who doesn't have a user record simply has
> to register to get a user record.  When a web application is first
> initialized, it doesn't matter that there are no user records, as the
> operation to create a user is unrestricted.
>
> However, in other applications, only users with specific authorization
> rights can create other user records.  So, when an application is first
> initialized, if there are no users, then no one can do anything.
>
> So, somehow you have to get that first user into the database.  This isn't
> really EJB specific, but I'm sure some people have run into this situation.
> What are reasonable strategies for designing a solution for this?
>
> Is it "reasonable" to just have some manual JDBC code on the server side
> that knows what the user table looks like and manually inserts a login
> record?
>
> Is it "reasonable" to create a method with no access restrictions which
> takes a password, and which does manual authentication, and then creates
> the initial login record?
>
> --
> ===================================================================
> David M. Karr          ; Best Consulting
> [EMAIL PROTECTED]   ; Java/Unix/XML/C++/X ; BrainBench CJ12P (#12004)
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST".  For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
>
>
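
An added example, not part of either message: the install-time seeding
approach described in the reply, with the runtime create-user path kept
behind authentication. Python and an in-memory SQLite database stand in for
the JDBC/SQL setup discussed; the table layout and all function names are
hypothetical.

```python
import hashlib
import hmac
import os
import sqlite3

# Hypothetical user table; a real schema would come from the application.
SCHEMA = """CREATE TABLE IF NOT EXISTS users (
    name TEXT PRIMARY KEY, salt BLOB NOT NULL, pw_hash BLOB NOT NULL,
    is_admin INTEGER NOT NULL)"""

def _hash(password, salt):
    # Salted, slow hash so the seeded row never stores the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _insert(db, name, password, is_admin, only_if_empty):
    salt = os.urandom(16)
    # The guard makes "table is empty" and "insert" one atomic statement.
    guard = " WHERE NOT EXISTS (SELECT 1 FROM users)" if only_if_empty else ""
    with db:  # commit on success, roll back on error
        cur = db.execute("INSERT INTO users SELECT ?, ?, ?, ?" + guard,
                         (name, salt, _hash(password, salt), is_admin))
    return cur.rowcount == 1

def seed_first_admin(db, name, password):
    """Install-time step, run by whoever provisions the database.
    Inserts the first admin only while the user table is empty, so running
    it again later cannot add a second account."""
    db.execute(SCHEMA)
    return _insert(db, name, password, 1, only_if_empty=True)

def is_admin(db, name, password):
    row = db.execute(
        "SELECT salt, pw_hash, is_admin FROM users WHERE name = ?",
        (name,)).fetchone()
    return bool(row and row[2]
                and hmac.compare_digest(row[1], _hash(password, row[0])))

def create_user(db, actor, actor_password, new_name, new_password):
    """Runtime path: there is no unauthenticated way to create a user."""
    if not is_admin(db, actor, actor_password):
        raise PermissionError("only an authenticated admin may create users")
    return _insert(db, new_name, new_password, 0, only_if_empty=False)
```

The seeded password is meant to be changed after the first login, in the
same way the demo data is later modified by the end users.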
