tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: SessionListener
Date Tue, 02 Dec 2003 15:22:53 GMT

> Won't quite do it, JDBCRealm looks for users in a database, I want to
> connect a user TO a database using their credentials, but the code to
> do this feat will be quite minimal by comparison.

This will make it hard to use a connection pool (which you mentioned
that you do/want to do).

Is there a particular reason for the database access paranoia? Most apps
connect to the db using the same login regardless of the user actually 
logged in to the application. They use other types of permission 
checking to see if you can perform some action, instead of relying on 
thr database for that kind of checking.

I absolutely agree that having multiple layers of security is great, but 
this one may make your application suck really bad, especially if you 
are using a db like Oracle, where the database connections are anything 
but "lightweight".


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message