Sam, I wouldn't worry about this. As long as your DB cannot be accessed across the firewall (and if it can can you please tell us and also post a message to [EMAIL PROTECTED]) there should be no problem. All security is a balance between making things too difficult to use and develop and making things really secure. I would argue that as long as the users and management are aware of this problem you have done your job. The application must be set up to use users' db passwords because: 1. it is easier to write that way 2. [most importantly] users will actually use it that way 3. it's not that big a deal as long as the firewall stops hackers making JDBC connections across the internet. 4. and your servlet has some application level control (very likely I'd have thought). Ergo - don't worry. Nic Ferrier Tapsell-Ferrier Ltd www.tapsellferrier.co.uk >>> Sam Rose <[EMAIL PROTECTED]> 3/29/99 10:19:22 AM >>> As the subject suggests? If as I've been told I don't use the actual userID and passwords to log into the DB from a web site or a generic username and password, then what do I use? How can I connect to the DB? My plan is for a single servlet to get the users password and username, then log into the DB. What approach should I take, considering that the username and password they give is the equivalent to the DB's. ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
