Dave, That's exactly what I was looking for - proxy authentication. I created a thread on this forum about this but the reply I got is that ColdFusion does not natively support this. So, the solution is to either create our own JNDI datasource using Java. However, I decided to not go this way and instead set the client identifier prior to executing each query. This should work and according to my testing it does not inflict a heavy performance degradation.
>Joseph, > >I did some googling and found that Oracle has 'proxy user authentication'. >See this Ask Tom article (someone wanting to do the same thing as you are, >but in java): > >http://tinyurl.com/6qe8xk > >Although I don't know if you can do it with the ColdFusion setup directly, >but maybe you can access some underlying java component to do it. Hopefully >this might give you another alternative. Let me know how it turns out. > >Dave > >Exactly! > >You perfectly understood my concern. If ColdFusion supported dynamic >connection parameter injection or proxy authentication then we can identify >the connection pool users but there is no straightforward solution to this. >Through pooling we are connected through one db user which for security >complaince (PCI) we need to remove this hole while keeping the benefits of >pooling. Triggers can help certainly help us for auditing but again at db >level I do not want have the same user showing up in my logs. > >>Got it. Now I understand better. You want to pass the userid of your >>'logged in user' to track the change in the database instead of using the >>user id that the datasource is logged in as. >> >>I don't see any way for you to do this without changing your code. Maybe >>someone else can come up with something, but I just don't see any way >around >>it. Whether you change it to implement the idea you had below or do it >some >>other way, bottom line is, you will need to change your code to make Oracle >>aware of each individual user's ID. >> >>You might still be able to find a way to use the triggers, but I still >think >alternative. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309457 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
