Unfortunately, the paranoia is founded in this case, though I do agree. Justin
-----Original Message----- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 02, 2003 10:23 AM To: Tomcat Users List Subject: Re: SessionListener Justin, > Won't quite do it, JDBCRealm looks for users in a database, I want to > connect a user TO a database using their credentials, but the code to > do this feat will be quite minimal by comparison. This will make it hard to use a connection pool (which you mentioned that you do/want to do). Is there a particular reason for the database access paranoia? Most apps connect to the db using the same login regardless of the user actually logged in to the application. They use other types of permission checking to see if you can perform some action, instead of relying on thr database for that kind of checking. I absolutely agree that having multiple layers of security is great, but this one may make your application suck really bad, especially if you are using a db like Oracle, where the database connections are anything but "lightweight". -chris --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
