On Friday, October 19, 2001, at 06:29 PM, H.de.Wit@SFK.NL wrote:
We are using DB2 on an AS/400 and are looking at how we can use Zope in front of it. DB2 offers row security: you can only see the records you are allowed to see, based on your username and password. I can connect to DB2 with the ZODBDA. With this adapter you have to give a username and password and after that all users are able to 'SQL' the database, but with a common username and password, not their own.
Now my question: is it possible to use a database adapter in a personal way?
The short answer is you cannot.
It is not that I don't trust Zope's security mechanism, but I have the idea that row security offers just a little more.
Few, if any, application servers would support what you are after as it involves maintaining a separate database connection for each user. With Zope it would be possible with some work. You would need to create a new virtual DA that creates a new connection for each authenticated user and caches it for some period of time. Note that you would probably need one connection per Zope thread (4 - 7) unless your underlying db library can handle being shared between threads, or you are talking to a middle tier proxy of some kind instead of implementing all this in Zope. Nobody has been bothered to implement this design though. You could even tie it into exUserFolder and use the usernames and passwords already defined in your database as your authentication scheme.

--
Stuart Bishop <zen@shangri-la.dropbear.id.au>
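
The per-user, per-thread connection cache described in the reply above, sketched as an added example (not code from the original post or from Zope). `PerUserConnectionCache`, `FakeConnection`, and the `ttl` parameter are hypothetical names, and the keyed credential tag that stops a cached connection being reused under a different password is an assumption added here, not part of the design in the reply.

```python
import hashlib, hmac, os, threading, time

class PerUserConnectionCache:
    """One connection per (username, thread), dropped after `ttl` idle seconds."""

    def __init__(self, connect, ttl=300.0, clock=time.monotonic):
        self._connect = connect        # callable(username, password) -> connection
        self._ttl, self._clock = ttl, clock
        self._key = os.urandom(32)     # per-process HMAC key; passwords are not kept
        self._lock = threading.Lock()
        self._entries = {}             # (username, thread id) -> (conn, tag, expires)

    def _tag(self, username, password):
        msg = f"{username}\0{password}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def get(self, username, password):
        slot = (username, threading.get_ident())
        tag, now = self._tag(username, password), self._clock()
        with self._lock:
            entry = self._entries.pop(slot, None)
        if entry:
            conn, cached_tag, expires = entry
            # Reuse only if still fresh AND the same credential was presented.
            if now < expires and hmac.compare_digest(tag, cached_tag):
                return self._store(slot, conn, tag, now)
            conn.close()
        # The database itself authenticates the user, so its row security applies.
        return self._store(slot, self._connect(username, password), tag, now)

    def _store(self, slot, conn, tag, now):
        with self._lock:
            self._entries[slot] = (conn, tag, now + self._ttl)
        return conn

    def purge(self):
        """Close every expired connection; call periodically. Returns count closed."""
        now = self._clock()
        with self._lock:
            dead = [s for s, e in self._entries.items() if e[2] <= now]
            conns = [self._entries.pop(s)[0] for s in dead]
        for conn in conns:
            conn.close()
        return len(conns)

class FakeConnection:                  # constructed stand-in for a real DB2 connection
    def __init__(self, user, password):
        self.user, self.closed = user, False
    def close(self):
        self.closed = True
```

With a real driver, `connect` would raise on bad credentials, so a failed login never enters the cache.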