-----Original Message-----
From: Thomas Moore <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Thursday, March 25, 1999 8:00 AM
Subject: Re: Connection Pool (was Re: Can anyone explain this to me.)
>Vince said:
<snip>
>> There is a drawback to this.
>> You are giving up security.
> Ummm... That's actually a pretty big security hole. There might be
>environments where it is OK, but from your description I would assume
>that:
Yep, in most situations it will be.
>a) The .class files are hard-coded with the sa password, which means
>that it exists as a legible string within the .class file and can be
>read by anyone who gets access to it. While you might restrict access
>to the server on which the servlet runs, this is no guarantee, which is
>why passwords are usually encrypted in the server's files...
Just used a file with a triple-DES-encrypted password.
>...and
>b) Any client can request a connection, and it is the responsibility of
>an intermediate broker to substitute in the proper user's login (and
>password?) If a privileged connection is returned by default to the
>requesting process and it is allowed to take care of the substitution,
>it would seem that anyone could request and get a sa connection to your
>database. Again, it wouldn't necessarily happen from someone just using
>their favorite web browser and following along the lines of your app,
>but I'm thinking it opens up issues that a malicious user or even
>less-than-competent programmer could use to blow away your data. I'm
>totally not convinced that the speed gain here is worth that kind of
>risk... All IMHO, of course...
We used a broker as an intermediary between the pool and the clients. There
was no direct access to the object pool itself.
And besides, this was used for a system which only ran on a private network,
with no access to outside resources (or the other way around).
> Now, if you could have a "guest" resource open (someone with NO privs,
>or only the most basic), and within that connection "su" to a real users
>account, that might be a Big Win. I'm pretty sure that would be a
>database specific implementation, but it's interesting enough that I
>think I'm going to look into it...
>
;))
Well, it's fairly simple given certain conditions (like security aspects).
Vince M. Treur
-----------------------------------------
In stereo, where available.
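Point (a) in the quoted message, that a password compiled into a .class file sits there as a legible string, can be checked directly by walking the class file's constant pool. The script below is an added example, not code from either poster or from the servlet list; it parses only the constant-pool section of the JVM class file format and pulls out every CONSTANT_String literal. The sample class bytes are constructed inline (a made-up JDBC URL, user name and placeholder password) so the script runs offline; no real application's .class file is involved.

```python
"""List the string literals carried in a JVM .class file's constant pool.

Added example, not code from the original thread. A JDBC password written as a
Java string literal ends up as a CONSTANT_Utf8 entry in the constant pool, so
anyone who can read the .class file can read the password. The scanner below
understands only the header and constant pool (JVM spec section 4.4); the
sample class bytes are constructed in sample_class() and are not real.
"""
import struct
from typing import Dict, List

# Constant-pool tag -> byte size of its fixed-width payload (JVM spec 4.4).
# Tag 1 (Utf8) is variable length; tags 5 and 6 (Long/Double) take two slots.
_FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
          12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}


def string_literals(class_bytes: bytes) -> List[str]:
    """Return the text of every CONSTANT_String entry, i.e. each Java string literal."""
    if class_bytes[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a class file (bad magic)")
    # header: magic(4) minor(2) major(2) constant_pool_count(2)
    (count,) = struct.unpack_from(">H", class_bytes, 8)
    pos = 10
    utf8: Dict[int, str] = {}   # pool index -> decoded text
    string_refs: List[int] = []  # pool indexes referenced by CONSTANT_String
    idx = 1                      # pool indexes start at 1
    while idx < count:
        tag = class_bytes[pos]
        pos += 1
        if tag == 1:
            (length,) = struct.unpack_from(">H", class_bytes, pos)
            pos += 2
            # The pool uses "modified UTF-8"; ASCII decodes identically, and we
            # only care about readable text, so non-ASCII is replaced, not parsed.
            utf8[idx] = class_bytes[pos:pos + length].decode("utf-8", "replace")
            pos += length
        elif tag in _FIXED:
            if tag == 8:  # CONSTANT_String: u2 index of the Utf8 entry
                string_refs.append(struct.unpack_from(">H", class_bytes, pos)[0])
            pos += _FIXED[tag]
        else:
            raise ValueError(f"unknown constant pool tag {tag} at offset {pos - 1}")
        idx += 2 if tag in (5, 6) else 1
    return [utf8[i] for i in string_refs if i in utf8]


def _utf8(text: str) -> bytes:
    return b"\x01" + struct.pack(">H", len(text)) + text.encode("ascii")


def _string(utf8_index: int) -> bytes:
    return b"\x08" + struct.pack(">H", utf8_index)


def sample_class() -> bytes:
    """Constructed class-file prefix: header plus a constant pool that carries a
    hard-coded connection string, user and password, as the quoted message
    describes. Only the constant pool is built; fields/methods are omitted."""
    pool = [
        _utf8("jdbc:odbc:orders"),            # 1  (constructed sample URL)
        _string(1),                            # 2
        _utf8("sa"),                           # 3
        _string(3),                            # 4
        _utf8("S3cret!"),                      # 5  (placeholder, not a real password)
        _string(5),                            # 6
        b"\x05" + (0).to_bytes(8, "big"),      # 7-8 CONSTANT_Long occupies two slots
        _utf8("java/lang/Object"),             # 9
        b"\x07" + struct.pack(">H", 9),        # 10 CONSTANT_Class -> entry 9
    ]
    count = 11  # highest slot index + 1
    header = b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 46, count)  # 46 = Java 1.2
    return header + b"".join(pool)


if __name__ == "__main__":
    for literal in string_literals(sample_class()):
        print(repr(literal))
```

Run against a real class file (`string_literals(open("Foo.class", "rb").read())`) this is the check to make before shipping a servlet: if the database user and password appear in the output, they are readable by anyone who can read the jar, which is exactly why the reply keeps the credential in a separate encrypted file rather than in the compiled code.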
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html