-
hi,all:
we are developing a web application for a school.
scenario:
every student have a account, every student can select or drop course from web.
so i created user sch/sch
under this user, i created table
tudentinfo(studentid,username,password);
studentcourse(studentid,courseid);
for this web application connect to database, we need to provide database username and password,
choice 1. i can hardcode username password in my application, but i don't want to hardcode sch/sch, because it is not secure, also i may need to change password from time to time, if i hardcode it, i need to change my code each time i change my password.
choice 2. i can setup property file which my application can read username, and password infomation from there, but i don't want to do that either because it is not secure.
so how should i do it?
[Edited by beginner on 07-10-2001 at 06:12 PM]
guru is on the way!!!!
-
Another option is to use the database user authenication resources. I recommend creating the users within the database and they login to the database for validation. This gives you a few benefits like:
1. centralized user mgt.
2. strong security (as strong as your app and the database)
3. and does not need to be built.
-
Create the tables under a schema say sch/sch.
Then create another user eg sch_app
Grant whatever access you want(select/update/delete/insert) to the schema objects required under sch to
this user sch_app
Hemant
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|