The problem is we connect to the database with one id with no privileges then switch to an app role which has all of the table privileges. I could execute a stored procedure in the <new-connection-sql> but the fear among our security people is if someone hacks our server, decryts the connection user password then all they have to do is execute the stored procedure to gain full access to the table.
I know, this is a long stretch but our security people view it as a real threat. :-( I think it's a load of bs! Earnie! View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3889812#3889812 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3889812 ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
