> There are two possibilities:
>
> 1. Create a database account for every user. On login, the servlet asks
> for the user's password and uses the user's login & password to create a
> connection with the database. Authentication is performed by the
> database.
>
> 2. The servlet gets an account of its own...
I think option 1 need not be as painful as that. "Single sign-on" should be
possible, at least if you restrict yourself to certain vendors' tools
(e.g., W2K). In this approach, the DBMS does not have its own account
set, but uses your regular user accounts. Kerberos is a likely underlying
security technology. The user's browser would authenticate *and* forward
the user's TGT to the web server. The web server would then impersonate
the user when connecting to the database.

This scenario is one of the reasons I think:

(a) the servlet spec needs to expose more security details about the
client, and

(b) the world needs a standard for how web browsers forward Kerberos TGTs
to web servers.

Mike
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html