Re: Web based application and Oracle user(s)

[Quoted] One of the very helpful attributes of Oracle's WebDB product (the current 3.0 version is called Oracle Portal) is the storing of all reports, forms, etc. in the database as stored procedures. This allows the use of Oracle's own security and access controls with all your web-accessed reports, etc. This as greatly simplified security for us. I know this doesn't answer your questions, but just in case you haven't seen WebDB in action, I thought I'd toss this out to you.

Dave Godbey <luhbey_at_erols.com> wrote:

>What are the options and the advantages for presenting Oracle housed
>data in web based applications?
 

>We are using Java servlets/JSP and ColdFusion in some of our
>applications to select criteria, query an Oracle 8i database, and
>prepare html pages for delivery of the information.
 

>Specifically, we are currently having discussions on how best to handle
>security and access to the database. Two current topics of discussion:
 

>1. Create an Oracle user for each registered user (we have a manageable
>number of users) and capture the user id and password during login and
>authentication.
 

>2. Create a single Oracle user that ColdFusion or JSP uses to access the
>database, and use the web/application server to authenticate the user.
>Knowing the identity of the authenticated user, limit programmatically
>what data each user can get back.
 

>Are there others? Are there any good papers or web sites that discuss
>these issues?
>Thanks,
>Dave
    Received on Wed Nov 01 2000 - 20:01:52 CET