Regina - I was the one that suggested a single signon because of connection pooling. If you are using IIS, I would recommend multiple signons. You may also want to study how to make IIS/ASP scale to the number of users you need to support. It can be done, but not everybody can do it.
Dennis Williams DBA, 40%OCP Lifetouch, Inc. [EMAIL PROTECTED] -----Original Message----- Sent: Tuesday, January 21, 2003 7:09 PM To: Multiple recipients of list ORACLE-L Thank you for the comments on this so far. Our situation is very similar to the one Mohammed describes here, IIS/ASP accessing Oracle as the DB. I like the idea of the database handling as much of the security as possible, especially as we have a number of applications accessing the same DB, and a good deal of overlap in the users of each, and we are requiring a username/password logon in each app. The only concrete argument I have seen so far in favor of the single oracle schema logon is the advantage of connection pooling. Since our applications are specialized use, and I doubt we'll ever have more than 50 concurrent users over all the apps, at what point does connection pooling become a significant performance benefit? Thank you Regina At 01:40 PM 1/21/2003 -0800, you wrote: >Hi Regina, > >I'll my 2 cents here. We are creating a single Oracle >user for each connection. Our app is using IIS/ASP >and Oracle as the DB. > >We looked into using a single app user and controling >security from the app. Since our is designed for a >secure site, we wanted to keep as much control of >security within the database as possible and leave as >little to the IIS/ASP comboniation as we could. The >security layer is built into the database and we only >use the front end to authenticate to the database. > >We have also turned on autiditing so that we know who >has logged on and what they are doing - again, a >requriment for the project. Granted, we could have >done this via the front end application but we felt >much more comfortable putting the security into the >hands of the database layer even though this requried >the creation of a database user per connection. This >is handled via stored procs called from the front end >by a security officer so there is very little DBA >intervention in managing database users. > >The disadvantage is obviously we can't use application >connection pooling but we can use MTS; although on NT >this seems to work not too well. We seem to see a lot >of latency. Advantage is from the security perpective >i.e. we let the datbase handle all the security, we >know who, when and from where each user logged in and >we can easliy control access by modifying roles and >privs and they take effect immediately. > >hth > >mohammed > >--- Regina Harter <[EMAIL PROTECTED]> wrote: > > Hi > > > > I have a question for any of you involved in Web > > applications. I would > > like to know how many of you go for the single > > Oracle user for everyone > > approach, and how many of you create Oracle schemas > > for each user, and if > > you can, what was the major reason for choosing that > > approach. Any > > opinions you wish to contribute will be helpful. > > > > Thank you, > > Regina > > > > -- > > Please see the official ORACLE-L FAQ: > > http://www.orafaq.net > > -- > > Author: Regina Harter > > INET: [EMAIL PROTECTED] > > > > Fat City Network Services -- 858-538-5051 > > http://www.fatcity.com > > San Diego, California -- Mailing list and web > > hosting services > > >--------------------------------------------------------------------- > > To REMOVE yourself from this mailing list, send an > > E-Mail message > > to: [EMAIL PROTECTED] (note EXACT spelling of > > 'ListGuru') and in > > the message BODY, include a line containing: UNSUB > > ORACLE-L > > (or the name of mailing list you want to be removed > > from). You may > > also send the HELP command for other information > > (like subscribing). > > > > >__________________________________________________ >Do you Yahoo!? >Yahoo! Mail Plus - Powerful. Affordable. Sign up now. >http://mailplus.yahoo.com >-- >Please see the official ORACLE-L FAQ: http://www.orafaq.net >-- >Author: mkb > INET: [EMAIL PROTECTED] > >Fat City Network Services -- 858-538-5051 http://www.fatcity.com >San Diego, California -- Mailing list and web hosting services >--------------------------------------------------------------------- >To REMOVE yourself from this mailing list, send an E-Mail message >to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in >the message BODY, include a line containing: UNSUB ORACLE-L >(or the name of mailing list you want to be removed from). You may >also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Regina Harter INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: DENNIS WILLIAMS INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
