I've just found out that connecting from a web site to a DB using the
DB actual user ID and passwords is a seriously bad idea.
A bit of a security issue :-)
I was wondering how I would get over this, as they need to use there
password to login to the database.
Basically do I use a generic username and password to connect to the
database, and then check the user ID and passwords against a table of
them all in?
If this was correct, then how does the user make alterations, i.e. how
if connecting to the database by a generic username and password can,
the User change his/her tables?
Any light thrown on the matter would be gratefully received.
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
