Re: Servlet-Database security

Sat, 04 Nov 2000 09:06:23 -0800 

First of all what app server will you be using?

Second of all I don't think Single Thread will be your solution, please
see the archives on that discussion.

You could possibly store in session, depending on how secure you want
this, some indicator.


----- Original Message -----
From: Stephen Casey <[EMAIL PROTECTED]>
Date: Friday, November 3, 2000 12:24 pm
Subject: Servlet-Database security

> I'm tired of looking through the archives. Sorry, if this has been
> discussedbut, I can't find exactly what I'm looking for in there.
>
> Up until now all of my servlets have accessed 'public' data in our
> databaseusing a userid and password hard coded in the servlet
> database connection. At
> this point I need to write an application that accesses
> 'proprietary' data.
> Database connections will authenticate according to the user's
> personal id and
> password. I'm thinking I will implement a SingleThreadModel and
> create the
> database connection using SSL (https://). Will this protect the
> data stream from
> unauthorized 'eyes'? Will other instances of the servlet be able
> to access the
> connection?
>
> I don't want them to have to go through a logon screen for each
> query so, I'm
> thinking I can keep the connection open and pass it to whatever
> classes the
> servlet calls. If the connection remains idle for more than 5
> minutes I will
> close it. Again, will passing the connection allow unauthorized
> access to data ?
> Do I have to implement SingleThreadModel or serialize the
> classes/connections in
> all classes used by the calling servlet?
>
> Does anyone see any 'holes' in this approach? Can you suggest a
> better strategy?
>
> Thanking you in advance,
> Stephen
>
>
________________________________________________________________________
___
> To unsubscribe, send email to [EMAIL PROTECTED] and include in
> the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http:
> Resources: http://java.sun.com/products/servlet/external-
> resources.htmlLISTSERV Help:
> http://www.lsoft.com/manuals/user/user.html

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

Reply via email to