> From: Keith Thomas [mailto:keith.tho...@gmail.com] > Subject: RE: How to turn off JNDI datasource connection pooling > > The security for the data within the database is entirely > baked into the restriction that every user has their own > database connection.
>From the DB server perspective, the only "user" is whatever userid Tomcat is >running under. Or are you passing credentials on every DB connection? If so, >where do you get the credentials from? If you don't want to use pooling at all, you'll need to use the DB connection creation methods directly in your webapp - which seems to be a major step backwards. Security in a servlet container environment is normally provided by specifying appropriate role names and URL patterns in the webapp's WEB-INF/web.xml file. If you're rolling your own instead, you're doing a ton of extra work, and not taking advantage of the capabilities an app server provides. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
