Hi: Many applications have the requirement that they must maintain an audit trail that records which users made what persistent changes. I am trying to understand the potential solutions available when using EJB. Here is my understanding: 1. EJB requires that all connections must be obtained from a DataSource object. 2. If using BMP, the connection user id/password can be specified programatically in the getConnection() method. Hence, if BMP is used, the DBMS can automatically maintain the audit trail. This does NOT preclude using a connection pool, nor does it preclude obtaining the performance benefits associated with a connection pool. A connection pool is still being used. 3. When using CMP, the application uses a user id and password for the system as a whole. ***Are there any app server/CMP products that automatically use the user id/password associated with the security context to do SQL updates, rather than the system user id/password ????*** 4. If using CMP, the application needs to design some type of audit mechanism on top of the raw DBMS security mechanisms (e.g., the app writes the user id and time/date stamp fields in relevant tables). Are the above statements correct? Thanks. Laurel =========================================================================== To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff EJB-INTEREST". For general help, send email to [EMAIL PROTECTED] and include in the body of the message "help".
