Title: SV: Security between applications?

Turning back to the original msg..


One obious option would be to set it up so that each application has a unique ID and that this ID is used whenever referecing tables. I.E including this id in all entities. I guess this is not the option you want?

How about specifying different databases for each application?

I know there was a discussion going on about having an option for prepending the deployment name to any tables generated at deploy time. Not sure if this orion-specific option is currently included or not though.

Im afraid im still a bit unsure about what you really need.
If you are going to use ONE EJB application and numberous web-applications, then I dont really see the problem.

When it comes to licenses, you can of course use Orion to your hearts desire as long as it is non-commercial.

WR


> -----Ursprungligt meddelande-----
> Fr�n: Cliff Rowley [mailto:[EMAIL PROTECTED]]
> Skickat: den 13 februari 2001 11:09
> Till: Orion-Interest
> �mne: Security between applications?
>
>
> Greetings,
>
> We are currently evaluating the various J2EE solutions available for a
> venture that we hope to deliver to the world in a few months.  Whilst
> reading the documentation for each, I dont appear to be able
> to configure
> Orion to suit the way the project will work.
>
> In order for our application to be of any use, we need to be able to
> implement a fair amount of security, since JSP pages may be
> at the mercy of
> people who are not us.
>
> Basically the application will provide a farm of hosts on
> which we will be
> offering certain services.  Each application needs to have a
> data source
> that it, and only it has access to.  The current problem as I
> see it is that
> if I define a connection in data-sources.xml, then every web
> application
> deployed on the server or cluster of servers has access to
> it.  We need some
> way of securing that while still being able to use EJB in all
> its glory.  We
> need to be able to offer the opportunity of creating and
> editing  content
> without compromising the security of other applications on the system.
>
> Could anyone give us some tips and pointers on this?
>
> Thanks
>
> Cliff Rowley
>
>

Reply via email to