Another option is a combination of these approaches. If the access privilege system is
defined in groups
(such as 'roles' in Oracle), you can authenticate on the server and use a connection
pool, but then send a
'set role' command to specify the privileges for that database session.
Joan
>
> Hi,
>
> I'm working on a project which includes accessing a database from a
> servlet. Now I'm wondering what is the best way to do so. There are two
> possibilities:
>
> 1. Create a database account for every user. On login, the servlet asks
> for the user's password and uses the user's login & password to create a
> connection with the database. Authentication is performed by the
> database.
>
> 2. The servlet gets an account of its own. Authentication is done by the
> servlet. All database communication is performed over the servlet
> account.
>
> Each has its advandates and disadvantages, e.g. with the first approach
> I can rely on the database's elaborate access privilege system (which I
> would have to implement myself otherwise), while with the second
> approach I may use connection pooling...
>
> Are there any other points which favor any of the possibilities?
>
> thx
> Heiko
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html