-----Original Message-----
From: Kito D. Mann [SMTP:[EMAIL PROTECTED]]
Sent: Monday, March 29, 1999 4:29 PM
To: [EMAIL PROTECTED]
Subject: Re: Don't deploy generic user ID and password for database access.
Sam Rose wrote:
> I've limited them to be able to
>
> Create/delete users/roles/views/tables
>
> They can do a few more things, what could the worst thing I allow them
> to do, I mean I won't allow DBA access or anything near that.
> So accessing my DB should in theory be ok, as all users have a role
> which limits their actions.
>
> Or is this wrong?
Well, here's a few questions that should help you decide whether it's okay to just have one account for the servlet itself (which is probably more common):
1. Do the users have _different_ rights?
Yes they do
2. Is someone watching the database logs to see what a particular user does (or is this necessary)?
Once in a while