Don't use a generic username and password. Authenticate against a username
and password out of a table in your database. It sounds like you also need a
table of permissions and yet another table to map the users to specific
permissions.

Aaron

If this doesn't make sense it's because I'm writing it at 2:20 AM. :-(


> -----Original Message-----
> From: Sam Rose [mailto:[EMAIL PROTECTED]]
> Sent: Friday, March 26, 1999 1:44 AM
> To: [EMAIL PROTECTED]
> Subject: Not using actual DB ID's and passwords?
>
>
> I've just found out that connecting from a web site to a DB using the
> DB's actual user IDs and passwords is a seriously bad idea.
> A bit of a security issue :-)
> I was wondering how I would get over this, as they need to use their
> password to log in to the database.
>
> Basically do I use a generic username and password to connect to the
> database, and then check the user ID and passwords against a table of
> them all in?
>
> If this was correct, then how does the user make alterations, i.e. how,
> if connecting to the database by a generic username and password, can
> the user change his/her tables?
>
> Any light thrown on the matter would be gratefully received.
>
> ______________________________________________________________
> _____________
> To unsubscribe, send email to [EMAIL PROTECTED] and
> include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources:
> http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
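
The three-table layout suggested in the reply above (users, permissions, and a user-to-permission mapping), as an added example that is not code from the thread or from either poster. Assumptions: an in-memory SQLite database stands in for the real one, all table, column and permission names are hypothetical, and storing a salted PBKDF2 hash instead of the password is a choice made for this example.

```python
import hashlib, hmac, os, sqlite3

# Hypothetical schema: names are assumptions, not taken from the thread.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL,
                    salt BLOB NOT NULL, pw_hash BLOB NOT NULL);
CREATE TABLE permissions (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE user_permissions (
    user_id INTEGER NOT NULL REFERENCES users(id),
    permission_id INTEGER NOT NULL REFERENCES permissions(id),
    PRIMARY KEY (user_id, permission_id));
"""

def _hash(password, salt):
    # Store a salted, deliberately slow hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def add_user(db, username, password, perms):
    salt = os.urandom(16)
    uid = db.execute("INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
                     (username, salt, _hash(password, salt))).lastrowid
    for name in perms:
        db.execute("INSERT OR IGNORE INTO permissions (name) VALUES (?)", (name,))
        db.execute("INSERT INTO user_permissions SELECT ?, id FROM permissions "
                   "WHERE name = ?", (uid, name))

def authenticate(db, username, password):
    """Return the user's id if the password matches the stored hash, else None."""
    row = db.execute("SELECT id, salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return None
    # Constant-time comparison of the recomputed hash with the stored one.
    return row[0] if hmac.compare_digest(_hash(password, row[1]), row[2]) else None

def has_permission(db, user_id, permission):
    """Look up one named permission in the user-to-permission mapping table."""
    return db.execute(
        "SELECT 1 FROM user_permissions up JOIN permissions p "
        "ON p.id = up.permission_id WHERE up.user_id = ? AND p.name = ?",
        (user_id, permission)).fetchone() is not None

def demo_db():
    # Constructed sample users and permissions for the example.
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    add_user(db, "sam", "correct horse", ["orders.read", "orders.update"])
    add_user(db, "guest", "guest-pw", ["orders.read"])
    return db
```

Every query binds user input through `?` placeholders, so the login form cannot alter the SQL that checks it.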
