Re: Auditing original user in an n-tier environment

On 5/23/05, Christian Antognini <Christian.Antognini@xxxxxxxxxxxx> wrote:
>=20
>=20
> >We are fighting the exact same fight.  Oracle provides a mechanism
> >with DBMS_SESSION.set_context and sys_context.  However, this is not a
> >magic bullet.  We have a web-based application with pooled
> >connections.
>=20
> Tom
>=20
> Do you use global contexts?
>=20
>=20
> Chris
>=20
Global context isn't the issue --- though it's what I would use.  The
Web is state-less.  With each new page it picks the next connection
available to communicate with the database.  If you have a 10
connection pool, during a single session with the application one user
could end up using all 10 connections --- maybe even twice over.

With each new connection it is the application's job to establish the
context for that connection (not session) with the Oracle database.

Currently we are using a home-rolled mechanism that mimics Oracle's.=20
It's no better or worse, just very poorly documented and no knowledge
of how it works exists ourside the current group of contractors.

I guess that you'd call it job security.
--
http://www.freelists.org/webpage/oracle-l

Other related posts: