how to control the login security of a web application using database?
Posted on 2003-03-12
I have developed something which I am not sure if it is the best way to do it.
I am trying to control user login by query the Oracle database.
1. I create an user account in the database for the user, therefore, I pass the login to Oracle driver to varified the user--
DriverManager.getConnection(url, id, pwd);
The bad thing is I have to create login for each user, which I don't think is correct.
2. The other way I am thinking is create an "user_account" table, which store the login for all users. By querying against this table, I could varify the user. However, then I have to connect to the database first, before I can query the "user_account" table to varify the user, which means the application has to connect to database right after it starts. Is this the good approach for this type of problem?