I haven't actually tried that but I don't think that it will work. The actual JDBC methods to execute a stored proc and execute a SQL statement are different.
> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Monday, March 24, 2003 5:51 PM > To: [EMAIL PROTECTED] > Subject: RE: Getting access to the db connections > > > Humm... > > I know you can provide a sql statement to "test" the > connection. So, theoretically, you could exec a stroed > proc.. via something like: exec MySproc > > Here is my setup: > > Torque.props: > torque.database.default.adapter=mssql > torque.dsfactory.default.factory=org.apache.torque.dsfactory.J > ndiDataSourceF > actory torque.dsfactory.default.jndi.path=java:comp/env/jdbc/fortius > > Web.xml: > <resource-ref> > <description> > Resource reference to a factory for java.sql.Connection > instances that may be used for talking to a particular > database that is configured in the server.xml file. > </description> > <res-ref-name> > jdbc/fortius > </res-ref-name> > <res-type> > org.apache.torque.pool.TorqueClassicDataSource > </res-type> > <res-auth> > Container > </res-auth> > </resource-ref> > > Tomcat server.conf: > <GlobalNamingResources> > <Resource name="jdbc/fortius" scope="Shareable" > type="javax.sql.DataSource"/> > <ResourceParams name="jdbc/fortius"> > <parameter> > <name>validationQuery</name> > <value>SELECT 1</value> > </parameter> > <parameter> > <name>url</name> > > <value>jdbc:microsoft:sqlserver://cuzco:1433;DatabaseName=fort > ius;SelectMeth > od=cursor</value> > </parameter> > <parameter> > <name>password</name> > <value>boo!</value> > </parameter> > <parameter> > <name>maxActive</name> > <value>8</value> > </parameter> > <parameter> > <name>maxWait</name> > <value>5000</value> > </parameter> > <parameter> > <name>driverClassName</name> > <value>com.microsoft.jdbc.sqlserver.SQLServerDriver</value> > </parameter> > <parameter> > <name>username</name> > <value>SilverUserLogin</value> > </parameter> > <parameter> > <name>maxIdle</name> > <value>2</value> > </parameter> > </ResourceParams> > </GlobalNamingResources> > > > -----Original Message----- > From: Steve Lukshides [mailto:[EMAIL PROTECTED] > Sent: Monday, March 24, 2003 6:48 PM > To: Turbine Torque Users List > Subject: RE: Getting access to the db connections > > > > > > > > Eric, thanks for your input. We're actually using WebSphere. > I assume Torque can use WebSphere's connection pool, but > there is pretty scant documentation on Torque in general and > none that I've found that is WebSphere specific. When you > say that the container sets up the pool, does Tomcat have the > ability to call a stored procedure for each connection established? > > Steve > > > > > |---------+----------------------------> > | | [EMAIL PROTECTED]| > | | | > | | 03/24/2003 06:23 | > | | PM | > | | Please respond to| > | | "Turbine Torque | > | | Users List" | > | | | > |---------+----------------------------> > > >------------------------------------------------------------- > ---------- > >---- > ----------------------------------------------------------| > | > | > | To: [EMAIL PROTECTED] > | > | cc: > | > | Subject: RE: Getting access to the db connections > | > | > | > > >------------------------------------------------------------- > ---------- > >---- > ----------------------------------------------------------| > > > > > One thing you could use in connection pooling defined by the > Tomcat container (if that is what you are using). Then it > means the container setsup the pool, and your app doens't > have a username/password, just a reference to the pool setup > by the container. > > Then it would be up to the container to provide proper > security of the username and password. > > What you have sounds pretty icky and resource intensive... > Security by obfuscation is typically not real secure! > > Eric > > -----Original Message----- > From: Steve Lukshides [mailto:[EMAIL PROTECTED] > Sent: Monday, March 24, 2003 6:25 PM > To: [EMAIL PROTECTED] > Subject: Getting access to the db connections > > > > > > > Hi All, > > Our Oracle DB Admin insists that we run a stored procedure > for each connection made to the database. I'm not an Oracle > DBA so forgive me if this explanation is less than clear. As > a security measure he expects every connection made to the > database to call a stored procedure to set the application's > role. The idea is to prevent someone from logging on to the > DB through SQL Plus with the user name and password that > Torque uses and gain rights to use the database. If someone > were to discover the username/password that Torque uses and > then logs on through SQL Plus they would not gain any rights > until the SP is executed, which they are not likely to know > and will be difficult to discover. > > So my question is, how can I get at each connection that > Torque establishes, preferably at the time it is established, > and use it to execute the SP on? Is this practical? Is > there a better way to do this? > > Thanks, > Steve Lukshides > > Sr. I/T Specialist, IBM Global Services > 1475 Phoenixville Pike, West Chester, PA 19380 > Phone: 610-989-0340 > Voice Mail: 610-578-2385 IBM Tie Line: 873-2385 > Email: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
