tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David kerber <dcker...@verizon.net>
Subject Re: Tomcat NTLM Authentication
Date Mon, 07 Mar 2011 13:20:52 GMT
On 3/7/2011 8:10 AM, הילה wrote:
> Hey,
> I cannot look for it in Microsoft, since the Java is of SUN, and the
> implementation is on the Java side, not the SQL Microsoft side.

Microsoft may have a jdbc driver you could use, though.

D


>
> Option no' 1 :]
> User and password should not exist in clear text in the xml file.
>
> 2011/3/7 André Warnier<aw@ice-sa.com>
>
>> הילה wrote:
>>
>>> I'm using Microsoft SQL Server 2008, latest SP.
>>> the use of domain user is used with the jtds package, which allows the
>>> tomcat service to authenticate to the DB with the presence of native SSPI
>>> DLL called ntlmauth.dll
>>> However, it generated a memory leak in the server. So I'm looking for
>>> alternatives.
>>>
>>>   So, the problem now, correctly stated, is :
>>
>> - does there exist a Java driver for SQL Server 2008, which allows for NTLM
>> authentication with SQL Server, and does not have a memory leak ?
>>
>> (and I would think that Microsoft would be the place to look first)
>>
>>
>> But it is still a bad solution with respect to security, agreed ?
>>
>> It would still be interesting to know in what exact terms you were given
>> this task.
>> Did they tell you
>> - that the userid and password should in no circumstances be stored in
>> clear in any file on the Tomcat server (even if this file cannot be accessed
>> by anyone) ?
>> - or did they tell you : our security scanner found a file containing a
>> user-id and password; this is not acceptable ?
>> - or some other formulation ?
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message