Secure access to database application

P

Peter Ashford

Hi All

Just looking for a bit of advice. I have an muti-user application
that I'm developing that talks to an Oracle database. What's the best
way (or at least a good way!) of securing user + password access to
the program? I've currently got a user table in the database and I
fetch whether the login credentials match what's in that table - but I
log in as an admin user to the DB in order to fetch the user table, so
admin password is coded into the application - this is obviously
bad.

Ideas? I presume there's a standard way of doing these kinds of
things :eek:)
 
?

=?ISO-8859-1?Q?Arne_Vajh=F8j?=

Peter said:
Just looking for a bit of advice. I have an muti-user application
that I'm developing that talks to an Oracle database. What's the best
way (or at least a good way!) of securing user + password access to
the program? I've currently got a user table in the database and I
fetch whether the login credentials match what's in that table - but I
log in as an admin user to the DB in order to fetch the user table, so
admin password is coded into the application - this is obviously
bad.

Ideas? I presume there's a standard way of doing these kinds of
things :eek:)
Click to expand...

The best solution would be if each user got real database
usernames/passwords and simply connected with those.

The next best solution is probably if the initial connection
to check the access used a username/password that only gave
access to run some check & lookup code that are only available
for running not for viewing.

Arne
 
W

Wibble

I have a jsf page which collects some input
for a database query. I want to submit
this request and have the server render a
csv file, which explorer will display.

I'm using Netbeans visual web to draw the request page
and ListObjectDataProvider to wrap the data.

I'm able to invoke a page which renders the data
as an html table, but how do I get it to display
a CSV file? (or plain text or binary)
 
S

stefanomnn

HI!
you could make so, in your action method:

1)look up HttpSerlverResponsObject,
2)set contentType to text/plain
3)write cv data and close stream
4)invoke responseComplete() on FacesContext object (terminate jsf
lifecycle)

i hope i helped you!
Stefano
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to connect MySQL DataBase to Java Application 2
How to effectively develop a web application from scratch? 0
[OT] Secure storage 23
Java Application 1
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
ANN: eGenix mxODBC Connect 2.1.0 - Python ODBC Database Interface 0
how to access connection object in another class? 5
Java Add-On FORCES Programmers to Develop Secure Code 0

Members online

No members online now.
Total: 19 (members: 1, guests: 18)
Robots: 209

Forum statistics

Threads
473,756
Messages
2,569,540
Members
45,025
Latest member
KetoRushACVFitness

Latest Threads

Top