Does anyone have a link to or an opinion on a good strategy to deploy involving database/application security? Specifically, we are currently debating keeping our current security scheme where: 1) each user has his/her own Oracle account, and the servlet parks the username password for use on trips subsequent to the login (Oracle authentication) or going to: 2) creating a single Oracle user for the servlet container to use while using the web server/application server to authenticate the user (web server authentication). We have a manageable (closed) set of users, so the management of the user base is not an issue. In your view, what are the advantages/disadvantages of each of these schemes, and are there others? How does the connection pool strategy fit into 1 and 2 above? Thanks for your time, Dave Godbey ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
