• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

JMS newbie - security question

 
John Eric Hamacher
Ranch Hand
Posts: 230
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello:

I am thinking about implementing a JMS system whereby database connection information would be transported within messages. Is there something
inherently unsafe about this? If so, what is the best method to secure these messages?

Thanks
Eric
 
Scott Selikoff
author
Saloon Keeper
Posts: 4021
18
Eclipse IDE Flex Google Web Toolkit
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes? Well my question is why are you transmitting database information in a message? The J2EE should have its connections managed via connection pools, ergo, all database connections should be setup ahead of time. The only thing that the message might be 'which' database to use, not the full connection string.
 
John Eric Hamacher
Ranch Hand
Posts: 230
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well, here's the situation. We have a bunch of small web apps that don't use pooling, they just directly connect to databases. Users can choose whether to run against production or staging. So there will be two sets of connection parameters needed by these applications. We would rather not keep this information within the individual apps for maintenance purposes. And we don't want these apps to all ask a database for the connection parameters (duplication of code).

So we want our logic in one place and give it the ability to communicate to all these small apps the database information needed.


Eric
 
Scott Selikoff
author
Saloon Keeper
Posts: 4021
18
Eclipse IDE Flex Google Web Toolkit
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How often are you changing databases and how many databases are there? Keep in mind this forum is about EJBs, where direct access to the database is not common (other than in BMPs). If it were me, I'd either set up all databases in a connection pool on each local server, or write a good deployment script that fixes the database when the EAR is launched.

It sounds like you might need help in the JDBC forum, as what your describing isn't really a J2EE pattern.
 
John Eric Hamacher
Ranch Hand
Posts: 230
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There many, many schemas, one for each customer. The choice between production or staging takes place at runtime so it may switch back and forth over a period of seconds, in theory.

It's a pain in the butt. I guess I could start pooling on every single app, setting up a pool for each database. It's a mess any way you look at it.

Eric
 
Scott Selikoff
author
Saloon Keeper
Posts: 4021
18
Eclipse IDE Flex Google Web Toolkit
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It's not so bad if you write good build/deployment scripts. It can automate the process a lot.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic