Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Java and generic logins

Java and generic logins

From: Chris May <chris_at_cjmcjm.demon.co.uk>
Date: Mon, 8 Feb 1999 22:25:24 +0000
Message-ID: <pSf2NPAUR2v2EwcD@cjmcjm.demon.co.uk> 





Hi,



We are to rewrite some of our 2-tier applications as 3-tier using Java. 



Does anyone have any advice on whether it is better to retain specific
Oracle logins and passwords for each user or to use a pool of generic
logins which the middle tier then uses to access the database?



As the application is primarly transaction processing with about 150
known concurrent users I would prefer to keep access, for security,
auditing (and general ease of admin on my part), controlled on the
database via the traditional means: user specific logins, passwords and
roles.



This conflicts with the Java programmers who prefer to cache data in the
middle tier and have the application server then relay the updates back
to the database via a pool of generic logins.



I realise that is possible to take the control away from Oracle,
handling the security outside the database and auditing via other
methods - such as global package variables etc. However this seems less
desirable from my (RDBMS) point of of view - especially as Oracle have
themselves introduced new security features with Oracle8 (such as
password validation and aging, for example).



Any advice would welcome.


-- 


Chris May
Received on Mon Feb 08 1999 - 16:25:24 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US