This content has been marked as final. Show 4 replies
Thanks Rima for your reply. Yes, I agree with you that replacing connection pool with a DAD will ends up with DAD for every user. As a concenquence, it may hurt performance all together. That is also my worry. I haven't seen any documentation from Oracle about switching connection to DAD. Is there any reason for this?
Please update your forum profile with a real handle instead of "user3935570".
In order to use existing Visual Private database, we need to get authenticated session_user in APEX (that will be APEX_PUB_USER by default). One developer suggests to create a new authenticated DAD(database access descriptor) to replace default connection pool that is coming with APEX as default.This is a false premise. Changing a modplsql DAD will not replace connection pooling, nor convert APEX apps from "lightweight" to "heavyweight" applications (whatever you mean by that).
Yes, I agree with you that replacing connection pool with a DAD will ends up with DAD for every user.You're not replacing the connection pool, and it's not necessary to create a DAD for every user. Using DAD Credentials Verification as the authentication scheme with a DAD without <tt>PlsqlDatabaseUsername</tt> and <tt>PlsqlDatabasePassword</tt> parameters, users can enter their DB credentials in response to the browser basic authentication challenge, and sessions for these DB users will be set up in the connection pool. Still a transient stateless connection over HTTP; still a connection pool; still no roles; still running APEX app code as the application parsing schema; but <tt>user</tt> is the DB user entered, not <tt>APEX_PUBLIC_USER</tt>. (Feel free to construe this as "light" or "heavy" as you see fit.)
If your existing VPD is dependent on <tt>user</tt> values, but not on roles or invokers' rights packages, then it will continue to work when using DAD Credentials Verification as the authentication scheme. However you are strongly advised to rewrite the VPD scheme to use predicates based on system contexts, using the VPD security attribute to set these in APEX apps.
As I've never run this using DAD Credentials Verification in a production environment (and—to be clear—never intend to, as it's a bad idea), nor changed connection pool settings from the defaults, I have no idea about any impact on performance.