I'm tired of looking through the archives. Sorry, if this has been discussed
but, I can't find exactly what I'm looking for in there.
Up until now all of my servlets have accessed 'public' data in our database
using a userid and password hard coded in the servlet database connection. At
this point I need to write an application that accesses 'proprietary' data.
Database connections will authenticate according to the user's personal id and
password. I'm thinking I will implement a SingleThreadModel and create the
database connection using SSL (https://). Will this protect the data stream from
unauthorized 'eyes'? Will other instances of the servlet be able to access the
connection?
I don't want them to have to go through a logon screen for each query so, I'm
thinking I can keep the connection open and pass it to whatever classes the
servlet calls. If the connection remains idle for more than 5 minutes I will
close it. Again, will passing the connection allow unauthorized access to data ?
Do I have to implement SingleThreadModel or serialize the classes/connections in
all classes used by the calling servlet?
Does anyone see any 'holes' in this approach? Can you suggest a better strategy?
Thanking you in advance,
Stephen
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
