I am thinking about implementing a JMS system whereby database connection information would be transported within messages. Is there something inherently unsafe about this? If so, what is the best method to secure these messages?
Yes? Well my question is why are you transmitting database information in a message? The J2EE should have its connections managed via connection pools, ergo, all database connections should be setup ahead of time. The only thing that the message might be 'which' database to use, not the full connection string.
Well, here's the situation. We have a bunch of small web apps that don't use pooling, they just directly connect to databases. Users can choose whether to run against production or staging. So there will be two sets of connection parameters needed by these applications. We would rather not keep this information within the individual apps for maintenance purposes. And we don't want these apps to all ask a database for the connection parameters (duplication of code).
So we want our logic in one place and give it the ability to communicate to all these small apps the database information needed.
How often are you changing databases and how many databases are there? Keep in mind this forum is about EJBs, where direct access to the database is not common (other than in BMPs). If it were me, I'd either set up all databases in a connection pool on each local server, or write a good deployment script that fixes the database when the EAR is launched.
It sounds like you might need help in the JDBC forum, as what your describing isn't really a J2EE pattern.
John Eric Hamacher
Joined: Apr 25, 2007
There many, many schemas, one for each customer. The choice between production or staging takes place at runtime so it may switch back and forth over a period of seconds, in theory.
It's a pain in the butt. I guess I could start pooling on every single app, setting up a pool for each database. It's a mess any way you look at it.