| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: .NET, connection pooling and security .
I'm going to start looking at OID.
thanks,
steve
> We are going the OID way because of these problems.
>
> Anyway here is a wild idea:
>
> Tell the web guys to use the user userid (he probably logged to the web
> application) with a standard password that is common to all of them and is
> supplied by the web application, the user does not see it.
>
> If you have an information security guy, teach him how to add users and
> grant the application user role.
>
> The schema owner password need to be a closely held secret of the dba
group.
>
> Yechiel Adar
> Mehish
> ----- Original Message -----
> To: "Multiple recipients of list ORACLE-L" <ORACLE-L_at_fatcity.com>
> Sent: Sunday, November 30, 2003 5:49 AM
>
>
> > I hope somebody on the list can help me out with this.
> >
> > All of our 3-tier apps are architected with a schema owner (owns all
> objects
> > used by an application) and application user (no create privs, but it
does
> > have full dml privs to the schema owner objects).
> > On the web side, connection pooling is setup with 10 connections logged
in
> > (all as the application user).
> > When users connect, the application reads some active directory keys
that
> > tell if the user is a reader, dml user or admin user (all privs).
> >
> > I don't feel the application should be managing security and I'd like to
> > take that responsibility away.
> > The 10 identical connections logged into the database bothers me too.
> >
> > I'd like to make it work similar to our 2-tier apps where we use roles,
> > assign them to a user and they connect individually. We don't have OID
> setup
> > and I imagine that would solve this. Short of that, is there any other
way
> > to work around having the 10 identical connections logging in and having
> the
> > application maintaining security? Is there another way of assigning the
> > security?
> >
> > I don't have any web development experience and I thought I'd check here
> > first to see how others deal with this. I hope somebody else has
worked
> > this out at their shop.
> >
> > I'm not sure if the answers will change, but it's an all M$ shop, except
> for
> > Oracle.
> >
> > Any help would be appreciated.
> > Steve
> >
> >
> > --
> > Please see the official ORACLE-L FAQ: http://www.orafaq.net
> > --
> > Author: Steve Perry
> > INET: sperry_at_sprynet.com
> >
> > Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> > San Diego, California -- Mailing list and web hosting services
> > ---------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an E-Mail message
> > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> > the message BODY, include a line containing: UNSUB ORACLE-L
> > (or the name of mailing list you want to be removed from). You may
> > also send the HELP command for other information (like subscribing).
>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.net
> --
> Author: Yechiel Adar
> INET: adar76_at_inter.net.il
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
-- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Steve Perry INET: sperry_at_sprynet.com Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Sun Nov 30 2003 - 22:04:25 CST
 |
 |