Securing datasources is no match for Weblogic. I do not know how Orion
handles this.
/korre
-----Original Message-----
From: Cliff Rowley [mailto:[EMAIL PROTECTED]]
Sent: den 13 februari 2001 20:09
To: Orion-Interest
Subject: Security between applications?
Greetings,
We are currently evaluating the various J2EE solutions available for a
venture that we hope to deliver to the world in a few months. Whilst
reading the documentation for each, I dont appear to be able to configure
Orion to suit the way the project will work.
In order for our application to be of any use, we need to be able to
implement a fair amount of security, since JSP pages may be at the mercy of
people who are not us.
Basically the application will provide a farm of hosts on which we will be
offering certain services. Each application needs to have a data source
that it, and only it has access to. The current problem as I see it is that
if I define a connection in data-sources.xml, then every web application
deployed on the server or cluster of servers has access to it. We need some
way of securing that while still being able to use EJB in all its glory. We
need to be able to offer the opportunity of creating and editing content
without compromising the security of other applications on the system.
Could anyone give us some tips and pointers on this?
Thanks
Cliff Rowley
