I've limited them to be able to Create/delete users/roles/views/tables They can do a few more things, what could the worst thing I allow them to do, I mean I won't allow DBA access or anything near that. So accessing my DB should in theory be ok, as all users have a role which limits their actions. Or is this wrong? -----Original Message----- From: Henry J. Cobb [SMTP:[EMAIL PROTECTED]] Sent: Monday, March 29, 1999 3:29 PM To: [EMAIL PROTECTED] Subject: Don't deploy generic user ID and password for database access. Instead, have a property file that reveals a user ID and password for your servlet that ONLY has permissions to run a few SQL functions in your database. _______________________________________________________________________ ____ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
