Forum Stats

  • 3,816,536 Users
  • 2,259,202 Discussions
  • 7,893,507 Comments

Discussions

Default login and reconnect issue

639858
639858 Member Posts: 54
edited Sep 11, 2008 7:50AM in Forms
Hello everyone ,
I'm using Forms9i, Oracle databse9i, XP as OS and IE6 as browser.
Problem
I'm having a college project some of the requirements are as follow:-
1. the application is used by many users having different level of authorization.
2. they may log in at same time or different.

3.the application make database connection just once (default login to database) at the first time when it is called

What i'm doing:-
i use to make database connection using the "user having full authorisation on tables" and provide the login screen to users as the first interface.(login to databe is done thru coding)
according to the the privilage the interface will be loaded(i used enable /disable of the controls for differnt privilage like hiding the table or query button which does not belong to that user )but have no idea about the rest of the problems

The Problem i'm facing:-
connecting database with the user having full control will make any security loop hole, (although i provided a login screen and used restriction from application by disabling the controls)

if it is used by more than 1 person then at each time it will reconnect to the database (is there any way to prevent it)

like java servlet use reusable commponet (servlet/jsp pages) does forms do the same

thanks

Edited by: Rainbow on Sep 11, 2008 4:27 PM
Tagged:

Comments

  • 574682
    574682 Member Posts: 1,255
    edited Aug 5, 2008 9:26AM
    My suggestions to you

    1. create a user called guest with only connect privilege and a read only access to a table called USER_DETAILS

    2. Login using the guest user account by default and then prompt for the login.
    When the user enters the login, then verify first with the user_details table and then connect to the database using that.

    You can prvent the number of sessions by a user account by using a profile. In the profile u can specify number of sessions and when you create a user specify the profile

    Rajesh Alex

    Message was edited by:
    RajeshAlex
  • 639858
    639858 Member Posts: 54
    Thanks, but can you draw some line on wheather the application will connect to database each time it will be called like 3 users are tring to use it then each time it will try to connect to database or only once connection will be done and the login for each user will be done afterward.
    as you told to have a guest account that's ok but again connecting database with the user means creating differnt user in database and giving rights to them it won't seems good lets see if this application is used by 1000 users not all at the same time even then i have to make 1000 users in database and have to give then privelage. i can do it on the application side as well by controling thru enble disable feature of various controls . tell me what and how a security hole will be opend if i'm doing the way i thought of.
  • 655594
    655594 Member Posts: 1
    How to disable the defaule login screen.... From Pawan Mishra
  • 639858
    639858 Member Posts: 54
    Hello Tony sir can you look up this problem and suggest me what i should do in it.
  • Tony Garabedian
    Tony Garabedian Member Posts: 3,375
    I didn't quite understood your problem.

    Every Instance of the application will need to make a connection to the database.
    If your "Super User" opens the application 3 times, the application needs to be connected to the database in 3 different sessions.


    Tony
  • 639858
    639858 Member Posts: 54
    Thank you , Actually i was comparing with Java Servlet as it maintain reusable component what i was curious to know is forms do the same while using the application. lets say it is deployed to IAS and now it is called by 10 people so it works as 10 new instance and if one closed then it is 9 left or it work like the Servlet pool where reusable objects are maintained. :)
This discussion has been closed.