db-torque-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Quinton McCombs" <qmcco...@nequalsone.com>
Subject RE: Getting access to the db connections
Date Tue, 25 Mar 2003 02:30:32 GMT
I haven't actually tried that but I don't think that it will work.  The
actual JDBC methods to execute a stored proc and execute a SQL statement
are different.

> -----Original Message-----
> From: EPugh@upstate.com [mailto:EPugh@upstate.com] 
> Sent: Monday, March 24, 2003 5:51 PM
> To: torque-user@db.apache.org
> Subject: RE: Getting access to the db connections
> 
> 
> Humm...
> 
> I know you can provide a sql statement to "test" the 
> connection.  So, theoretically, you could exec a stroed 
> proc.. via something like:  exec MySproc
> 
> Here is my setup:
> 
> Torque.props:
> torque.database.default.adapter=mssql
> torque.dsfactory.default.factory=org.apache.torque.dsfactory.J
> ndiDataSourceF
> actory torque.dsfactory.default.jndi.path=java:comp/env/jdbc/fortius
> 
> Web.xml:
>     <resource-ref>
>       <description>
>         Resource reference to a factory for java.sql.Connection
>         instances that may be used for talking to a particular
>         database that is configured in the server.xml file.
>       </description>
>       <res-ref-name>
>         jdbc/fortius
>       </res-ref-name>
>       <res-type>
>         org.apache.torque.pool.TorqueClassicDataSource
>       </res-type>
>       <res-auth>
>         Container
>       </res-auth>
>     </resource-ref>  
> 
> Tomcat server.conf:
> <GlobalNamingResources>
>   <Resource name="jdbc/fortius" scope="Shareable" 
> type="javax.sql.DataSource"/>
>     <ResourceParams name="jdbc/fortius">
>       <parameter>
>         <name>validationQuery</name>
>         <value>SELECT 1</value>
>       </parameter>
>       <parameter>
>         <name>url</name>
>  
> <value>jdbc:microsoft:sqlserver://cuzco:1433;DatabaseName=fort
> ius;SelectMeth
> od=cursor</value>
>       </parameter>
>       <parameter>
>         <name>password</name>
>         <value>boo!</value>
>       </parameter>
>       <parameter>
>         <name>maxActive</name>
>         <value>8</value>
>       </parameter>
>       <parameter>
>         <name>maxWait</name>
>         <value>5000</value>
>       </parameter>
>       <parameter>
>         <name>driverClassName</name>
>         <value>com.microsoft.jdbc.sqlserver.SQLServerDriver</value>
>       </parameter>
>       <parameter>
>         <name>username</name>
>         <value>SilverUserLogin</value>
>       </parameter>
>       <parameter>
>         <name>maxIdle</name>
>         <value>2</value>
>       </parameter>
>     </ResourceParams>
> </GlobalNamingResources>
> 
> 
> -----Original Message-----
> From: Steve Lukshides [mailto:lukshide@us.ibm.com]
> Sent: Monday, March 24, 2003 6:48 PM
> To: Turbine Torque Users List
> Subject: RE: Getting access to the db connections
> 
> 
> 
> 
> 
> 
> 
> Eric, thanks for your input.  We're actually using WebSphere. 
>  I assume Torque can use WebSphere's connection pool, but 
> there is pretty scant documentation on Torque in general and 
> none that I've found that is WebSphere specific.  When you 
> say that the container sets up the pool, does Tomcat have the 
> ability to call a stored procedure for each connection established?
> 
> Steve
> 
> 
> 
> 
> |---------+---------------------------->
> |         |           EPugh@upstate.com|
> |         |                            |
> |         |           03/24/2003 06:23 |
> |         |           PM               |
> |         |           Please respond to|
> |         |           "Turbine Torque  |
> |         |           Users List"      |
> |         |                            |
> |---------+---------------------------->
>  
> >-------------------------------------------------------------
> ----------
> >----
> ----------------------------------------------------------|
>   |
> |
>   |       To:       torque-user@db.apache.org
> |
>   |       cc:
> |
>   |       Subject:  RE: Getting access to the db connections
> |
>   |
> |
>  
> >-------------------------------------------------------------
> ----------
> >----
> ----------------------------------------------------------|
> 
> 
> 
> 
> One thing you could use in connection pooling defined by the 
> Tomcat container (if that is what you are using).  Then it 
> means the container setsup the pool, and your app doens't 
> have a username/password, just a reference to the pool setup 
> by the container.
> 
> Then it would be up to the container to provide proper 
> security of the username and password.
> 
> What you have sounds pretty icky and resource intensive...  
> Security by obfuscation is typically not real secure!
> 
> Eric
> 
> -----Original Message-----
> From: Steve Lukshides [mailto:lukshide@us.ibm.com]
> Sent: Monday, March 24, 2003 6:25 PM
> To: torque-user@db.apache.org
> Subject: Getting access to the db connections
> 
> 
> 
> 
> 
> 
> Hi All,
> 
> Our Oracle DB Admin insists that we run a stored procedure 
> for each connection made to the database.  I'm not an Oracle 
> DBA so forgive me if this explanation is less than clear.  As 
> a security measure he expects every connection made to the 
> database to call a stored procedure to set the application's 
> role.  The idea is to prevent someone from logging on to the 
> DB through SQL Plus with the user name and password that 
> Torque uses and gain rights to use the database.  If someone 
> were to discover the username/password that Torque uses and 
> then logs on through SQL Plus they would not gain any rights 
> until the SP is executed, which they are not likely to know 
> and will be difficult to discover.
> 
> So my question is, how can I get at each connection that 
> Torque establishes, preferably at the time it is established, 
> and use it to execute the SP on?  Is this practical?  Is 
> there a better way to do this?
> 
> Thanks,
> Steve Lukshides
> 
> Sr. I/T Specialist, IBM Global Services
> 1475 Phoenixville Pike, West Chester, PA 19380
> Phone: 610-989-0340
> Voice Mail: 610-578-2385  IBM Tie Line: 873-2385
> Email: lukshide@us.ibm.com
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: torque-user-unsubscribe@db.apache.org
> For additional commands, e-mail: torque-user-help@db.apache.org
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: torque-user-unsubscribe@db.apache.org
> For additional commands, e-mail: torque-user-help@db.apache.org
> 


Mime
View raw message