how to control the login security of a web application using database?

Posted on 2003-03-12
Last Modified: 2010-04-01
Dear experts,

I have developed something which I am not sure if it is the best way to do it.

I am trying to control user login by querying the Oracle database.
1. I create a user account in the database for the user; therefore, I pass the login to the Oracle driver to verify the user--
DriverManager.getConnection(url, id, pwd);
The bad thing is I have to create a login for each user, which I don't think is correct.

2. The other way I am thinking of is to create a "user_account" table, which stores the login for all users. By querying against this table, I could verify the user. However, then I have to connect to the database first, before I can query the "user_account" table to verify the user, which means the application has to connect to the database right after it starts. Is this a good approach for this type of problem?

Thanks.
0
Question by:changcy77
18 Comments
 
LVL 35

Expert Comment

by:girionis
ID: 8121029
 You have to connect to the database anyway in order to verify that the user has the right password/username. Except if you store the username/password in a flat/XML file.
0
 

Author Comment

by:changcy77
ID: 8121078
Thanks for the response.

But my first approach, which uses the user's login to connect to the database, does not guarantee the connection to the database. So, the application doesn't have to connect to the database unless the user's login is correct.
0
 
LVL 35

Expert Comment

by:girionis
ID: 8121155
 Yes, true: if the username/password are wrong then there is no connection object. The thing is, though, that the trip to the database is done anyway. Besides, you will need a connection object for every user. If you have 1000 users that means 1000 connection objects. The more users you have, the more cumbersome it will be for the database (of course there is always the connection pooling solution).

  With the second approach you also do not need to create a login for every user, which (creating a login for every user) is always more hack-prone since now your database is vulnerable to more people.
0

 

Author Comment

by:changcy77
ID: 8121336
Thanks.

But I am not totally clear about your suggestion. Do you mean:
1. Connect to the database when the application starts anyway?
2. But I am also using a JavaBean to pass data to the database. Should I release the connection every time the query is done and reconnect for the next query? Or just leave the connection open until the application is closed?
0
 
LVL 11

Expert Comment

by:fargo
ID: 8121515
Hello changcy77,

I suppose you have deviated a little bit with the use of the user/password used for the database connection and the user/password used for application use.

The user/password used for the database connection will always remain the same. You have to define certain rights in the database for the users, to administer or only read rights or whatever....

And the user/password used for your application login is different.... Your second approach is the normal approach in all cases. You need to create a table to maintain the user authentications....

So the bottom line is..... use the second approach, and define a user/password to connect to the database. You need a connection to the database to check the login user.

Hope it clears the stand.
happy working
fargo
0
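A sketch of the second approach as recommended above, added here as an example and not code posted by anyone in this thread: the application connects with one database account and checks the login against a "user_account" table. The column names (username, salt, pwd_hash), the PBKDF2 parameters and storing a salted hash instead of the password itself are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.sql.DataSource;

// Added example: table/column names and PBKDF2 parameters are assumptions, not from the thread.
public class LoginVerifier {
    private static final int ITERATIONS = 600_000, KEY_BITS = 256;
    private final DataSource appDb; // hands out connections made with the single application account

    public LoginVerifier(DataSource appDb) { this.appDb = appDb; }

    // PBKDF2-HMAC-SHA256 of the password; only the salt and this hash are stored in user_account.
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the copy of the password held by the key spec
        }
    }

    // Constant-time comparison of the stored hash with the hash of the supplied password.
    static boolean matches(char[] password, byte[] salt, byte[] storedHash) throws Exception {
        return MessageDigest.isEqual(storedHash, hash(password, salt));
    }

    // Borrow a connection for one lookup and release it; the bound parameter keeps the
    // user-supplied name out of the SQL text, so it cannot change the query.
    public boolean verify(String username, char[] password) throws Exception {
        String sql = "SELECT salt, pwd_hash FROM user_account WHERE username = ?";
        try (Connection c = appDb.getConnection(); PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                // Unknown user and wrong password give the same result to the caller.
                return rs.next() && matches(password, rs.getBytes("salt"), rs.getBytes("pwd_hash"));
            }
        }
    }

    // Offline run of the hashing path with constructed values (no database needed).
    public static void main(String[] args) throws Exception {
        // Constructed sample salt; in real use, generate one per user with SecureRandom.
        byte[] salt = "sample-salt-1234".getBytes(StandardCharsets.US_ASCII);
        byte[] stored = hash("correct horse".toCharArray(), salt);
        System.out.println("right password: " + matches("correct horse".toCharArray(), salt, stored));
        System.out.println("wrong password: " + matches("wrong guess".toCharArray(), salt, stored));
    }
}
```

The database account behind the DataSource needs only SELECT on user_account for this check, which keeps end users from ever holding database credentials of their own.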
 
LVL 35

Expert Comment

by:girionis
ID: 8122533
1), 2) This is entirely up to you and to your application's specification. Do you see the need to connect on startup or not? Does it take a long time to connect so it's better to do it at start up? Do you see your users only querying the database periodically or quite often? How many users do you see connecting/querying?

0
 

Author Comment

by:changcy77
ID: 8122627
Thanks to both experts.

I think my question now is:
1. "Could multiple JavaBeans share one database connection?"


 
0
 

Author Comment

by:changcy77
ID: 8122652
Thanks to both experts.

I think my question now is:
1. "Could multiple JavaBeans share one database connection?"


 
0
 

Author Comment

by:changcy77
ID: 8122767
Thanks to both experts.

I think my question now is:
1. "Could multiple JavaBeans share one database connection?"


 
0
 

Author Comment

by:changcy77
ID: 8122884
Thanks to both experts.

I think my question now is:
1. "Could multiple JavaBeans share one database connection?"


 
0
 
LVL 35

Expert Comment

by:girionis
ID: 8122928
 Yes they can. Just have another class that holds the connection and then return it to every class requesting it. Be careful to synchronize the connection if multiple objects are going to use it at the same time.
0
 
LVL 35

Accepted Solution

by:
girionis earned 200 total points
ID: 8122958
 You might also want to take a look here: http://www.webdevelopersjournal.com/columns/connection_pool.html
0
 
LVL 11

Expert Comment

by:fargo
ID: 8126321
Hi changcy77,

girionis is correct with his answer.. moreover the link is a perfect one.... In the article, a properties file is used for getting the driver, user, password ... you can even make use of ini files to do the same. Well, it depends upon your requirements.

Have a nice time
good luck
fargo
0
 

Author Comment

by:changcy77
ID: 8130668

Thanks.
The link is very good.

But I am still not totally clear about how a JavaBean interacts with a Connection in terms of accessing the database: when to create a connection, when to release it, which connection to use,..?  Does anyone have a complete and good example that I can use as a reference?

Thanks again.
 
0
 
LVL 35

Expert Comment

by:girionis
ID: 8130825
 I suggest that if users will be performing db operations constantly then leave the connection open. Otherwise close it and open it every time a user requests something.
0
 

Author Comment

by:changcy77
ID: 8131577

Thanks.
The link is very good.

But I am still not totally clear about how a JavaBean interacts with a Connection in terms of accessing the database: when to create a connection, when to release it, which connection to use,..?  Does anyone have a complete and good example that I can use as a reference?

Thanks again.
 
0
 

Author Comment

by:changcy77
ID: 8153747
The sample code is helpful. Thanks.
0
 
LVL 35

Expert Comment

by:girionis
ID: 8157835
 Thank you. I am glad I helped :-)
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This applies to Dell but may also apply to other manufacturers as well. We ran across a few machines that just dropped recently it trust relationship with the server. After doing the basic removing and joining the domain again, it changed to No logo…
Often, the users face difficulty in accessing Outlook 2016 PST files on Windows 10 computer. One of the reasons behind it is the improper functioning of MS Outlook when the user tries to open it. MS Outlook suddenly stops working, or it will not op…
How can you see what you are working on when you want to see it while you to save a copy? Add a "Save As" icon to the Quick Access Toolbar, or QAT. That way, when you save a copy of a query, form, report, or other object you are modifying, you…
Enter Foreign and Special Characters Enter characters you can't find on a keyboard using its ASCII code ... and learn how to make a handy reference for yourself using Excel ~ Use these codes in any Windows application! ... whether it is a Micr…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question