Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Re: Application vs database users
kochel_verz_at_yahoo.com wrote:
> Hi.
> Please give some opinion on this:
> Wich is the best approach for managing users in a typical three-tier
> web application, using jdbc:
HansF wrote:
> Some reasons to ensure that each app user has a unique database userid:
>
[...]
> > Some reasons to avoid that: >
To take advantage of JDBC connection pooling (my experience in this regard is with BEA Weblogic) would naturally lead to the choice of one or two database logins (connection pools) for the entire application, instead of individual database users for each application user, so I don't agree that security is the only issue to consider (I guess that falls under the "hedge" clause...).
Also, on the flip side of security, creating new database users and resetting forgotten passwords requires DBA privilege, while adding/updating rows in an application-level table does not.
As HansF mentioned, there are trade-offs that only your business needs can determine.
-Mark Bole Received on Tue May 31 2005 - 19:19:16 CDT