Oracle Database Discussions

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Database vs application users

444750May 29 2005

Hi.
Please give some opinion on this:
Wich is the best approach for managing users in a typical three-tier web application, using jdbc:

A) The database has one or two users with the proper grants and privileges to manage data(eg. read_user for selects and admin_user for inserts deletes and updates) In addition, there is a table with all valid application users. The third tier will connect to the database as one of the users, depending on the system login user, via jdbc. When someone new registers on the site, a new row is added to the users table.

B) Database users are also application users. So, when someone new registers on the site, a new database user is created with the proper privileges. No need for users table because application user equals database user.

I know A and B have different security approaches, but appart from that, what are the benefits/drawbacks of each implementation ?
When is one better than the other ?

Thanks a lot.

Locked Post

New comments cannot be posted to this locked post.

Locked on Jun 26 2005

Added on May 29 2005

#general-database-discussions

0 comments

113 views