Hi Regina, I'll my 2 cents here. We are creating a single Oracle user for each connection. Our app is using IIS/ASP and Oracle as the DB.
We looked into using a single app user and controling security from the app. Since our is designed for a secure site, we wanted to keep as much control of security within the database as possible and leave as little to the IIS/ASP comboniation as we could. The security layer is built into the database and we only use the front end to authenticate to the database. We have also turned on autiditing so that we know who has logged on and what they are doing - again, a requriment for the project. Granted, we could have done this via the front end application but we felt much more comfortable putting the security into the hands of the database layer even though this requried the creation of a database user per connection. This is handled via stored procs called from the front end by a security officer so there is very little DBA intervention in managing database users. The disadvantage is obviously we can't use application connection pooling but we can use MTS; although on NT this seems to work not too well. We seem to see a lot of latency. Advantage is from the security perpective i.e. we let the datbase handle all the security, we know who, when and from where each user logged in and we can easliy control access by modifying roles and privs and they take effect immediately. hth mohammed --- Regina Harter <[EMAIL PROTECTED]> wrote: > Hi > > I have a question for any of you involved in Web > applications. I would > like to know how many of you go for the single > Oracle user for everyone > approach, and how many of you create Oracle schemas > for each user, and if > you can, what was the major reason for choosing that > approach. Any > opinions you wish to contribute will be helpful. > > Thank you, > Regina > > -- > Please see the official ORACLE-L FAQ: > http://www.orafaq.net > -- > Author: Regina Harter > INET: [EMAIL PROTECTED] > > Fat City Network Services -- 858-538-5051 > http://www.fatcity.com > San Diego, California -- Mailing list and web > hosting services > --------------------------------------------------------------------- > To REMOVE yourself from this mailing list, send an > E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of > 'ListGuru') and in > the message BODY, include a line containing: UNSUB > ORACLE-L > (or the name of mailing list you want to be removed > from). You may > also send the HELP command for other information > (like subscribing). > __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: mkb INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
