echo: nthelp
to: Adam Flinton
from: Paul Ranson
date: 2005-05-24 14:52:44
subject: Re: What`s wrong with Microsoft???

From: "Paul Ranson" 

If your db connection is held in a session then I have a trivial DoS
opportunity. This is nothing to do with C++, rather with unsafe practices
when writing web apps...

Paul

"Adam Flinton"  wrote in message
news:4292ed4d$1{at}w3.nls.net...
> Paul Ranson wrote:
>> The 'Web app' serves up a page at a time, all the db access is done from
>> the web server, so the web app needs a connection for each page served.
>
> Huh? Blimey. No sessions in C+++ land?
>
>
>> It should get one from the pool at the start of page processing and
>> return it at the end.
>
> Good lord. No wonder people don't use C++ for web apps.
>
>> Using a pool means this is very cheap compared to an actual db query.
>
> Yes but why when you can just go from page to page within a single
> session?
>
>
>> User authentication should be separate and not attached to a specific db
>> connection. Or am I missing something?
>>
>
>
> Depends on the app. A number of the secure web apps use say an LDAP ID
> server which is called on login & supplies a token which is then held
> within the session & is used as the dbid as the DB requires auditable
> record keeping (e.g. who updated this & when).
>
> Adam

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270 5030/786
@PATH: 379/45 1 106/2000 633/267

SOURCE: echomail via fidonet.ozzmosis.com
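
Added example, not part of the original message: a small Python simulation of the two designs argued over in this exchange, a db connection pinned to each web session versus one taken from the pool at the start of page processing and returned at the end. The pool size of 5, the 20 constructed visitors and all class and function names are assumptions made for the illustration.

```python
# Added illustration; every class and function name here is hypothetical.
class ConnectionPool:
    """Fixed-size pool standing in for the database's connection limit."""
    def __init__(self, size):
        self.free = [f"conn-{i}" for i in range(size)]

    def acquire(self):
        if not self.free:
            raise RuntimeError("pool exhausted")
        return self.free.pop()

    def release(self, conn):
        self.free.append(conn)

class SessionBoundApp:
    """Pins one connection to each session; nothing expires within this run."""
    def __init__(self, pool):
        self.pool, self.sessions = pool, {}

    def serve_page(self, session_id):
        if session_id not in self.sessions:
            self.sessions[session_id] = self.pool.acquire()
        return f"page via {self.sessions[session_id]}"

class PerRequestApp:
    """Takes a connection for one page and always hands it back afterwards."""
    def __init__(self, pool):
        self.pool = pool

    def serve_page(self, session_id):
        conn = self.pool.acquire()
        try:
            return f"page via {conn}"
        finally:
            self.pool.release(conn)

def pages_served(app, session_ids):
    """Count how many one-page visits succeed, one visit per session id."""
    served = 0
    for sid in session_ids:
        try:
            app.serve_page(sid)
            served += 1
        except RuntimeError:
            pass  # this visitor gets an error page: no connection left
    return served

# Constructed input: 20 clients that fetch one page and never return the cookie.
VISITORS = [f"sess-{n}" for n in range(20)]
```

With a pool of 5, the session-bound design serves 5 of the 20 visitors and then refuses everyone until sessions time out, while the per-request design serves all 20 on the same pool.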
