Robert, Is there any particular reason you need to have the database use the name and password for a particular user? Could you just have one (or a few) user accounts for the database? In all of the systems I've developed, we generally just have a single account and pool connections to it... If you do all your logging and access control through the servlet, then there's really no need to enforce additional security at the database level. Kito D. Mann [EMAIL PROTECTED] [EMAIL PROTECTED] Wednesday January 19, 2000 06:38 PM Please respond to [EMAIL PROTECTED] To: [EMAIL PROTECTED] cc: (bcc: Kito Mann/PSG/Prudential) Subject: Servlets as part of a multi-tier DB application I am designing a multi-tier application in which the User Interface interacts with Problem Domain objects, which interact with Data Management objects, which interacts with the database. This will be a multi-user application, so users will access the system via a username and password, which will be used, in part for database connections. Here is where I am running into problems - if my database connections require the username and password to access the database, how do I get this information down to the DM layer without passing it through the PD layer? I don't want the PD objects to be polluted with the notion of users or an underlying database. I know I can store any information I like in session variables, but how can the DM objects determine what session called them without session information being passed down through the PD layer? I've started looking at Enterprise Java Beans as a possible solution, but it seems like there is a lot of overhead there that I don't necessarily need. Thanks, and I look forward to your comments. --- Robert S. Martin First Quadrant, L.L.P.Title: Servlets as part of a multi-tier DB application
I am designing a multi-tier application in which the User Interface interacts with Problem Domain objects, which interact with Data Management objects, which interacts with the database. This will be a multi-user application, so users will access the system via a username and password, which will be used, in part for database connections. Here is where I am running into problems - if my database connections require the username and password to access the database, how do I get this information down to the DM layer without passing it through the PD layer? I don't want the PD objects to be polluted with the notion of users or an underlying database. I know I can store any information I like in session variables, but how can the DM objects determine what session called them without session information being passed down through the PD layer? I've started looking at Enterprise Java Beans as a possible solution, but it seems like there is a lot of overhead there that I don't necessarily need. Thanks, and I look forward to your comments.
---
Robert S. Martin
First Quadrant, L.L.P.
