Shamdasani Nimmi-ANS004 wrote:
>Each application user, i.e., a supplier has only access to a subset of the database 
>depending on what he/she is allowed to see but the database account (the account which 
>is used by the application to get the connection pool) has access to the complete 
>database. This database account information (user, password, etc.) is stored in 
>struts-config.xml. This database account information is what the management is 
>worried about.

Here I meant that the general Web user should not be allowed to do
things like drop tables ;-)


>So are you saying that the database server should only accept access by database 
>account from the Webserver IP only? I am not very familiar with the setting up of the 
>servers but could a database server be made to allow access on a database account 
>only at a particular IP?

Typically.


>Do you mean that the database account be the only one to be able to read the folder 
>or that the application users be the only ones allowed to read?

Neither. I meant the account that is running the Web server, and needs
to read the file. The config file is actually accessed by the account
that the server is running under.


-- Ted Husted, Husted dot Com, Fairport NY USA.
-- Custom Software ~ Technical Services.
-- Tel +1 716 737-3463
-- http://www.husted.com/about/struts/
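
The last reply above says the config file only needs to be readable by the account the server runs under. One way to check that on a Unix-like host, as an added example that is not part of the original message (the function name `check_config_access` and the `tomcat` account in the usage comment are assumptions):

```shell
#!/bin/sh
# Added example (not from the thread): verify that a config file holding
# database credentials is readable only by the account the server runs as.
# Usage: check_config_access FILE SERVER_UID
#   e.g. check_config_access struts-config.xml "$(id -u tomcat)"
#   ("tomcat" is an assumed account name)
check_config_access() {
    file=$1; want_uid=$2; rc=0
    [ -f "$file" ] || { echo "not a regular file: $file"; return 2; }

    # ls -ldn prints the mode string in field 1 and the numeric owner in field 3
    set -- $(ls -ldn -- "$file" | awk '{print $1, $3}')
    mode=$1; uid=$2
    if [ "$uid" != "$want_uid" ]; then
        echo "owner is uid $uid, expected $want_uid"; rc=1
    fi

    # Characters 5-10 of the mode string are the group and other permissions
    go=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$go" != "------" ]; then
        echo "group/other permissions are '$go', expected '------'"; rc=1
    fi

    # A directory writable by others lets them swap in a different file
    dmode=$(ls -ldn -- "$(dirname "$file")" | awk '{print $1}')
    case $dmode in
        ????????w*) echo "parent directory is world-writable ($dmode)"; rc=1 ;;
    esac
    return $rc
}

# Run the check when called as: script FILE SERVER_UID
if [ $# -eq 2 ]; then check_config_access "$1" "$2"; fi
```

The function prints one finding per line and returns 0 only when the file is owned by the given uid, has no group or other permission bits, and sits in a directory others cannot write to.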
