If you build a web-app the user doesn't connect to the db . It connects
to the application.
It is the web app that should have an auth mechanism.
The web app will perform predefined and limited operations and it is the
web programmer that has to guarantee that only operations provided by
the web application can be performed by web app user.
In an e-commerce web application when the user places an order doesn't
execute an insert sql statement. Is submits a form an the form is
processed in the web application.
Let say orders can be placed only by registered users, is the web
application that has to allow login and check that the user is
authorized throughout the order process.
This is business logic and it's hard to believe you want to place
business logic in the db.
Moreover you will tipically use a connection pool and not create single
connections not to risk to overload your db. Hence you have to create
the pool and provide db user credential at that time, not when the user
connect to the application.
I suggest you read something about developing multi-tiered applications
and the MVC pattern before going further.
Once done that you can chose a web application development framework:
many of them provide authorization mechanism or allow you to plugin your
preferred one
Il 14/05/2010 15.24, Leonardo F ha scritto:
>> I think this point number 2 is pretty important. If at all possible, keep
>> the webapp separate from the database, and keep the database
>> server on a fairly restrictive firewall. This means that someone has
>> got to get in to the webapp, then hop to the database server, it just
>> adds another layer of mis-direction for any would-be evil doers.
>>
>
> Which are the authentication methods "recommended" in this
> scenario? It sounds to me that no matter the auth mechanism,
> if a user can connect to the webapp server with the user that runs
> the webapp there's no way of avoiding the connection to the db
> (since the user will then be free to see/do whatever the webapp was
> seeing/doing).
>
>
>
>
>
--
==================================================
dott. Ivano Mario Luberti
Archimede Informatica societa' cooperativa a r. l.
Sede Operativa
Via Gereschi 36 - 56126- Pisa
tel.: +39-050- 580959
tel/fax: +39-050-9711344
web: www.archicoop.it
==================================================