Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> .NET, connection pooling and security .

.NET, connection pooling and security .

From: Steve Perry <sperry_at_sprynet.com>
Date: Sat, 29 Nov 2003 19:49:33 -0800
Message-ID: <F001.005D82F2.20031129194933@fatcity.com> 





I hope somebody on the list can help me out with this.



All of our 3-tier apps are architected with a schema owner (owns all objects
used by an application) and application user (no create privs, but it does
have full dml privs to the schema owner objects).
On the web side, connection pooling is setup with 10 connections logged in


(all as the application user).



When users connect, the application reads some active directory keys that
tell if the user is a reader, dml user or admin user (all privs).



I don't feel the application should be managing security and I'd like to
take that responsibility away.


The 10 identical connections logged into the database bothers me too.



I'd like to make it work similar to our 2-tier apps where we use roles,
assign them to a user and they connect individually. We don't have OID setup
and I imagine that would solve this. Short of that, is there any other way
to work around having the 10 identical connections logging in and having the
application maintaining security? Is there another way of assigning the
security?



I don't have any web development experience and I thought I'd check here
first to see how others deal with this.  I  hope somebody else has worked
this out at their shop.



I'm not sure if the answers will change, but it's an all M$ shop, except for
Oracle.



Any help would be appreciated.


Steve



-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Steve Perry
  INET: sperry_at_sprynet.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L


(or the name of mailing list you want to be removed from).  You may

also send the HELP command for other information (like subscribing).


Received on Sat Nov 29 2003 - 21:49:33 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US