I have a web application which connects to Microsoft SQL Server 2000 through
JDBC-ODBC Driver. The application server is JBoss and I am using connection
pooling.
When the application connects to the database it provides userid and
password which are 'sa' and 'password' respectively. They are constants for
all users. The user also type in his/her own login id which I stored in the
HTTPSession.
Problem is my triggers wants to get that login id. Is it possible?
Thanks
RizwanHi
You should not be using 'sa' as the login to SQL Server as this may be too
privileged.
The users login id is only used as authentication mechanism, therefore you
will either need to pass it as part of each call to the query/stored
procedures or possibly generate some kind of session token and pass that and
then use the session token as a link to the login.
John
"Rizwan" <hussains@.pendylum.com> wrote in message
news:5Ozce.14173$gA5.818174@.news20.bellglobal.com...
>I have a web application which connects to Microsoft SQL Server 2000
>through
> JDBC-ODBC Driver. The application server is JBoss and I am using
> connection
> pooling.
> When the application connects to the database it provides userid and
> password which are 'sa' and 'password' respectively. They are constants
> for
> all users. The user also type in his/her own login id which I stored in
> the
> HTTPSession.
> Problem is my triggers wants to get that login id. Is it possible?
>
> Thanks
> Rizwan
>|||> possibly generate some kind of session token and pass that and
> then use the session token as a link to the login.
can you explain this solution a bit more about what is session token?
thanks
"John Bell" <jbellnewsposts@.hotmail.com> wrote in message
news:uNfEUWWTFHA.3176@.TK2MSFTNGP09.phx.gbl...
> Hi
> You should not be using 'sa' as the login to SQL Server as this may be too
> privileged.
> The users login id is only used as authentication mechanism, therefore you
> will either need to pass it as part of each call to the query/stored
> procedures or possibly generate some kind of session token and pass that
and
> then use the session token as a link to the login.
> John
>
> "Rizwan" <hussains@.pendylum.com> wrote in message
> news:5Ozce.14173$gA5.818174@.news20.bellglobal.com...
>|||Hi
The easiest way is to store and pass the user_id that the person
authenticated with within you code. You than pass this value to each
procedure that is called e.g.
EXEC myProc @.user_id = 'John'
If you want to access the user_id in a trigger you would have to add a
user_id column to each table (say last_modified_by) and set 'John' as the
value. This way you can see who changed it by accessing the last_modified_by
in the inserted table in your trigger. Alternatively you can do the work
that the trigger would have done in the stored procedure and you would not
need the extra column.
A token would be a means of relating the session to the user, if you have a
users table it may be stored in there. That way you are not passing
something that is clearly a username, but you can get the username by
selecting the appropriate record from the users table.
HTH
John
"Rizwan" <hussains@.pendylum.com> wrote in message
news:9srde.1176$3U.240756@.news20.bellglobal.com...
> can you explain this solution a bit more about what is session token?
> thanks
> "John Bell" <jbellnewsposts@.hotmail.com> wrote in message
> news:uNfEUWWTFHA.3176@.TK2MSFTNGP09.phx.gbl...
> and
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment