Discussions
Categories
- 196.8K All Categories
- 2.2K Data
- 235 Big Data Appliance
- 1.9K Data Science
- 449.9K Databases
- 221.6K General Database Discussions
- 3.8K Java and JavaScript in the Database
- 31 Multilingual Engine
- 549 MySQL Community Space
- 478 NoSQL Database
- 7.9K Oracle Database Express Edition (XE)
- 3K ORDS, SODA & JSON in the Database
- 532 SQLcl
- 4K SQL Developer Data Modeler
- 186.9K SQL & PL/SQL
- 21.3K SQL Developer
- 295.5K Development
- 17 Developer Projects
- 138 Programming Languages
- 292.2K Development Tools
- 104 DevOps
- 3.1K QA/Testing
- 645.9K Java
- 28 Java Learning Subscription
- 37K Database Connectivity
- 154 Java Community Process
- 105 Java 25
- 22.1K Java APIs
- 138.1K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 17 Java Essentials
- 158 Java 8 Questions
- 85.9K Java Programming
- 79 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.2K Java SE
- 13.8K Java Security
- 203 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 402 LiveLabs
- 37 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.6K Other Languages
- 2.3K Chinese
- 171 Deutsche Oracle Community
- 1.1K Español
- 1.9K Japanese
- 230 Portuguese
Default login and reconnect issue
Hello everyone ,
I'm using Forms9i, Oracle databse9i, XP as OS and IE6 as browser.
Problem
I'm having a college project some of the requirements are as follow:-
1. the application is used by many users having different level of authorization.
2. they may log in at same time or different.
3.the application make database connection just once (default login to database) at the first time when it is called
What i'm doing:-
i use to make database connection using the "user having full authorisation on tables" and provide the login screen to users as the first interface.(login to databe is done thru coding)
according to the the privilage the interface will be loaded(i used enable /disable of the controls for differnt privilage like hiding the table or query button which does not belong to that user )but have no idea about the rest of the problems
The Problem i'm facing:-
connecting database with the user having full control will make any security loop hole, (although i provided a login screen and used restriction from application by disabling the controls)
if it is used by more than 1 person then at each time it will reconnect to the database (is there any way to prevent it)
like java servlet use reusable commponet (servlet/jsp pages) does forms do the same
thanks
Edited by: Rainbow on Sep 11, 2008 4:27 PM
I'm using Forms9i, Oracle databse9i, XP as OS and IE6 as browser.
Problem
I'm having a college project some of the requirements are as follow:-
1. the application is used by many users having different level of authorization.
2. they may log in at same time or different.
3.the application make database connection just once (default login to database) at the first time when it is called
What i'm doing:-
i use to make database connection using the "user having full authorisation on tables" and provide the login screen to users as the first interface.(login to databe is done thru coding)
according to the the privilage the interface will be loaded(i used enable /disable of the controls for differnt privilage like hiding the table or query button which does not belong to that user )but have no idea about the rest of the problems
The Problem i'm facing:-
connecting database with the user having full control will make any security loop hole, (although i provided a login screen and used restriction from application by disabling the controls)
if it is used by more than 1 person then at each time it will reconnect to the database (is there any way to prevent it)
like java servlet use reusable commponet (servlet/jsp pages) does forms do the same
thanks
Edited by: Rainbow on Sep 11, 2008 4:27 PM
Tagged:
Comments
-
My suggestions to you
1. create a user called guest with only connect privilege and a read only access to a table called USER_DETAILS
2. Login using the guest user account by default and then prompt for the login.
When the user enters the login, then verify first with the user_details table and then connect to the database using that.
You can prvent the number of sessions by a user account by using a profile. In the profile u can specify number of sessions and when you create a user specify the profile
Rajesh Alex
Message was edited by:
RajeshAlex -
Thanks, but can you draw some line on wheather the application will connect to database each time it will be called like 3 users are tring to use it then each time it will try to connect to database or only once connection will be done and the login for each user will be done afterward.
as you told to have a guest account that's ok but again connecting database with the user means creating differnt user in database and giving rights to them it won't seems good lets see if this application is used by 1000 users not all at the same time even then i have to make 1000 users in database and have to give then privelage. i can do it on the application side as well by controling thru enble disable feature of various controls . tell me what and how a security hole will be opend if i'm doing the way i thought of. -
How to disable the defaule login screen.... From Pawan Mishra
-
Hello Tony sir can you look up this problem and suggest me what i should do in it.
-
I didn't quite understood your problem.
Every Instance of the application will need to make a connection to the database.
If your "Super User" opens the application 3 times, the application needs to be connected to the database in 3 different sessions.
Tony -
Thank you , Actually i was comparing with Java Servlet as it maintain reusable component what i was curious to know is forms do the same while using the application. lets say it is deployed to IAS and now it is called by 10 people so it works as 10 new instance and if one closed then it is 9 left or it work like the Servlet pool where reusable objects are maintained.
This discussion has been closed.