Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Application vs database users

Application vs database users

From: <kochel_verz_at_yahoo.com>
Date: 29 May 2005 15:46:51 -0700
Message-ID: <1117406811.193612.121380@g43g2000cwa.googlegroups.com> 





Hi.


Please give some opinion on this:


Wich is the best approach for managing users in a typical three-tier
web application, using jdbc:



    
  
  1.   The database has one or two users with the proper grants and
privileges to manage data(eg. read_user for selects and admin_user for
inserts deletes and updates) In addition, there is a table with all
valid application users. The third tier will connect to the database as
one of the users, depending on the system login user, via jdbc. When
someone new registers on the site, a new row is added to the users
table.

  
  2.   Database users are also application users. So, when someone new
registers on the site, a new database user is created with the proper
privileges. No need for users table because application user equals
database user.







I know A and B have different security approaches, but appart from
that, what are the benefits/drawbacks of each implementation ?
When is one better than the other ?



Thanks a lot, and sorry for my english.
Received on Sun May 29 2005 - 17:46:51 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US