RE: To Anyone involved in Web apps

Regina - I was the one that suggested a single signon because of connection pooling. If you are using IIS, I would recommend multiple signons. You may also want to study how to make IIS/ASP scale to the number of users you need to support. It can be done, but not everybody can do it.

Dennis Williams
DBA, 40%OCP
Lifetouch, Inc.
dwilliams_at_lifetouch.com

-----Original Message-----
Sent: Tuesday, January 21, 2003 7:09 PM
To: Multiple recipients of list ORACLE-L

Thank you for the comments on this so far. Our situation is very similar to the one Mohammed describes here, IIS/ASP accessing Oracle as the DB. I like the idea of the database handling as much of the security as possible, especially as we have a number of applications accessing the same DB, and a good deal of overlap in the users of each, and we are requiring a username/password logon in each app.

The only concrete argument I have seen so far in favor of the single oracle schema logon is the advantage of connection pooling. Since our applications are specialized use, and I doubt we'll ever have more than 50 concurrent users over all the apps, at what point does connection pooling become a significant performance benefit?

Thank you
Regina

At 01:40 PM 1/21/2003 -0800, you wrote:
>Hi Regina,
>
>I'll my 2 cents here. We are creating a single Oracle
>user for each connection. Our app is using IIS/ASP
>and Oracle as the DB.
>
>We looked into using a single app user and controling
>security from the app. Since our is designed for a
>secure site, we wanted to keep as much control of
>security within the database as possible and leave as
>little to the IIS/ASP comboniation as we could. The
>security layer is built into the database and we only
>use the front end to authenticate to the database.
>
>We have also turned on autiditing so that we know who
>has logged on and what they are doing - again, a
>requriment for the project. Granted, we could have
>done this via the front end application but we felt
>much more comfortable putting the security into the
>hands of the database layer even though this requried
>the creation of a database user per connection. This
>is handled via stored procs called from the front end
>by a security officer so there is very little DBA
>intervention in managing database users.
>
>The disadvantage is obviously we can't use application
>connection pooling but we can use MTS; although on NT
>this seems to work not too well. We seem to see a lot
>of latency. Advantage is from the security perpective
>i.e. we let the datbase handle all the security, we
>know who, when and from where each user logged in and
>we can easliy control access by modifying roles and
>privs and they take effect immediately.
>
>hth
>
>mohammed
>
>--- Regina Harter <rharter_at_emc-inc.com> wrote:
> > Hi
> >
> > I have a question for any of you involved in Web
> > applications. I would
> > like to know how many of you go for the single
> > Oracle user for everyone
> > approach, and how many of you create Oracle schemas
> > for each user, and if
> > you can, what was the major reason for choosing that
> > approach. Any
> > opinions you wish to contribute will be helpful.
> >
> > Thank you,
> > Regina
> >
> > --
> > Please see the official ORACLE-L FAQ:
> > http://www.orafaq.net
> > --
> > Author: Regina Harter
> > INET: rharter_at_emc-inc.com
> >
> > Fat City Network Services -- 858-538-5051
> > http://www.fatcity.com
> > San Diego, California -- Mailing list and web
> > hosting services
> >
>---------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an
> > E-Mail message
> > to: ListGuru_at_fatcity.com (note EXACT spelling of
> > 'ListGuru') and in
> > the message BODY, include a line containing: UNSUB
> > ORACLE-L
> > (or the name of mailing list you want to be removed
> > from). You may
> > also send the HELP command for other information
> > (like subscribing).
> >
>
>
>__________________________________________________
>Do you Yahoo!?
>Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
>http://mailplus.yahoo.com
>--
>Please see the official ORACLE-L FAQ: http://www.orafaq.net
>--
>Author: mkb
> INET: mkb125_at_yahoo.com
>
>Fat City Network Services -- 858-538-5051 http://www.fatcity.com
>San Diego, California -- Mailing list and web hosting services
>---------------------------------------------------------------------
>To REMOVE yourself from this mailing list, send an E-Mail message
>to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
>the message BODY, include a line containing: UNSUB ORACLE-L
>(or the name of mailing list you want to be removed from). You may
>also send the HELP command for other information (like subscribing).

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Regina Harter
  INET: rharter_at_emc-inc.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: DENNIS WILLIAMS
  INET: DWILLIAMS_at_LIFETOUCH.COM

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).