users@glassfish.java.net

How do I make a connection pool less accessible?

From: <glassfish_at_javadesktop.org>
Date: Mon, 05 May 2008 05:35:44 PDT

Hi!

When I define a connection pool for use by an EJB3 application, I specify user name and password as pool properties. A remote client can then look up the pool with its JNDI name and connect to the database without knowing the password and thereby getting more or less full access to the database.

I'm sure this shouldn't be possible but I can't figure out what I've done wrong. Please help.

TIA,
Gunnar
[Message sent by forum member 'gugrim' (gugrim)]

http://forums.java.net/jive/thread.jspa?messageID=272748