Hi,
I’ve searched the web with little success with the following question, and do hope someone can help shed some light on this issue.
I’ve been involved in network security for the last couple of years, but have recently included application security as part of my job responsibility…. and hence this question 🙂
I’ve been told by my developers that for some of our applications, the following is the framework…
1. user logs on to the application
2. user requests for some info
3. The application will log on to a backend database with a system ID and password to retrieve that information. This system ID and password is used by all authorised users to access the backend database.
The question is… Does this constitute a compromise of security? Should each user/password have unique access to the database instead of using a shared user id / password?
Any advice on this?
Thanks!!!