Hi,
On Mon, 24 May 1999, Guillaume ORIOL wrote:
> In a servlet/web architecture (browser-web server-servlet-database),
> the servlet is the only program which directly accesses the database.
> According to many messages I read in this mailing list,
> the best solution for accessing database
> within a servlet seems to be connection pooling.
> And if I am right, in this situation,
> the servlet establishes all the connections at initialization
> with its own user/password.
> Does it mean that database authentication is bypassed
> and that security is the responsibility of the programer and not the
> database engine?
>
You are right. The database engine can at most establish a
"global" policy, for all programs (or servlets) using the same pool.
Some improvements are possible, to ease security rules implementation,
like using one pool (userid/pass) for "reporting" parts of your app,
and a pool with a more privileged userId for critical operations that
change important data..
But without taking the responsibility from programmer.
Cezar.
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
