One thing you could use in connection pooling defined by the Tomcat container (if that is what you are using). Then it means the container setsup the pool, and your app doens't have a username/password, just a reference to the pool setup by the container.
Then it would be up to the container to provide proper security of the username and password. What you have sounds pretty icky and resource intensive... Security by obfuscation is typically not real secure! Eric -----Original Message----- From: Steve Lukshides [mailto:[EMAIL PROTECTED] Sent: Monday, March 24, 2003 6:25 PM To: [EMAIL PROTECTED] Subject: Getting access to the db connections Hi All, Our Oracle DB Admin insists that we run a stored procedure for each connection made to the database. I'm not an Oracle DBA so forgive me if this explanation is less than clear. As a security measure he expects every connection made to the database to call a stored procedure to set the application's role. The idea is to prevent someone from logging on to the DB through SQL Plus with the user name and password that Torque uses and gain rights to use the database. If someone were to discover the username/password that Torque uses and then logs on through SQL Plus they would not gain any rights until the SP is executed, which they are not likely to know and will be difficult to discover. So my question is, how can I get at each connection that Torque establishes, preferably at the time it is established, and use it to execute the SP on? Is this practical? Is there a better way to do this? Thanks, Steve Lukshides Sr. I/T Specialist, IBM Global Services 1475 Phoenixville Pike, West Chester, PA 19380 Phone: 610-989-0340 Voice Mail: 610-578-2385 IBM Tie Line: 873-2385 Email: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
