tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Tomcat NTLM Authentication
Date Mon, 07 Mar 2011 13:05:44 GMT
הילה wrote:
> I'm using Microsoft SQL Server 2008, latest SP.
> the use of domain user is used with the jtds package, which allows the
> tomcat service to authenticate to the DB with the presence of native SSPI
> DLL called ntlmauth.dll
> However, it generated a memory leak in the server. So I'm looking for
> alternatives.
> 
So, the problem now, correctly stated, is :

- does there exist a Java driver for SQL Server 2008, which allows for NTLM authentication

with SQL Server, and does not have a memory leak ?

(and I would think that Microsoft would be the place to look first)


But it is still a bad solution with respect to security, agreed ?

It would still be interesting to know in what exact terms you were given this task.
Did they tell you
- that the userid and password should in no circumstances be stored in clear in any file 
on the Tomcat server (even if this file cannot be accessed by anyone) ?
- or did they tell you : our security scanner found a file containing a user-id and 
password; this is not acceptable ?
- or some other formulation ?


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message