Re: To Anyone involved in Web apps

From: mkb <mkb125_at_yahoo.com>
Date: Tue, 21 Jan 2003 13:40:28 -0800
Message-ID: <F001.00536A6E.20030121134028@fatcity.com>

Hi Regina,

I'll my 2 cents here. We are creating a single Oracle user for each connection. Our app is using IIS/ASP and Oracle as the DB.

We looked into using a single app user and controling security from the app. Since our is designed for a secure site, we wanted to keep as much control of security within the database as possible and leave as little to the IIS/ASP comboniation as we could. The security layer is built into the database and we only use the front end to authenticate to the database.

We have also turned on autiditing so that we know who has logged on and what they are doing - again, a requriment for the project. Granted, we could have done this via the front end application but we felt much more comfortable putting the security into the hands of the database layer even though this requried the creation of a database user per connection. This is handled via stored procs called from the front end by a security officer so there is very little DBA intervention in managing database users.

The disadvantage is obviously we can't use application connection pooling but we can use MTS; although on NT this seems to work not too well. We seem to see a lot of latency. Advantage is from the security perpective i.e. we let the datbase handle all the security, we know who, when and from where each user logged in and we can easliy control access by modifying roles and privs and they take effect immediately.

hth

mohammed

• Regina Harter <rharter_at_emc-inc.com> wrote:
  > Hi
  >
  > I have a question for any of you involved in Web
  > applications. I would
  > like to know how many of you go for the single
  > Oracle user for everyone
  > approach, and how many of you create Oracle schemas
  > for each user, and if
  > you can, what was the major reason for choosing that
  > approach. Any
  > opinions you wish to contribute will be helpful.
  >
  > Thank you,
  > Regina
  >
  > --
  > Please see the official ORACLE-L FAQ:
  > http://www.orafaq.net
  > --
  > Author: Regina Harter
  > INET: rharter_at_emc-inc.com
  >
  > Fat City Network Services -- 858-538-5051
  > http://www.fatcity.com
  > San Diego, California -- Mailing list and web
  > hosting services
  >
  

  ---

  
  > To REMOVE yourself from this mailing list, send an
  > E-Mail message
  > to: ListGuru_at_fatcity.com (note EXACT spelling of
  > 'ListGuru') and in
  > the message BODY, include a line containing: UNSUB
  > ORACLE-L
  > (or the name of mailing list you want to be removed
  > from). You may
  > also send the HELP command for other information
  > (like subscribing).
  >
  

  ---

Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: mkb
  INET: mkb125_at_yahoo.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).

Received on Tue Jan 21 2003 - 15:40:28 CST