tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Tomcat NTLM Authentication
Date Mon, 07 Mar 2011 13:44:47 GMT
הילה wrote:
> I read that JTDS (jtds-1.2.5.jar) is more stable and less buggy than JDBC of
> Microsoft. So I don't want to add more logs to the fire.. :]

That's a funny thing to say, considering that it has a memory leak, and that nobody is 
answering your calls for help on the jTDS list.
What about this one :

http://msdn.microsoft.com/en-us/sqlserver/aa937724



> 
> 
> 2011/3/7 David kerber <dckerber@verizon.net>
> 
>> On 3/7/2011 8:10 AM, הילה wrote:
>>
>>> Hey,
>>> I cannot look for it in Microsoft, since the Java is of SUN, and the
>>> implementation is on the Java side, not the SQL Microsoft side.
>>>
>> Microsoft may have a jdbc driver you could use, though.
>>
>>
>> D
>>
>>
>>
>>> Option no' 1 :]
>>> User and password should not exist in clear text in the xml file.
>>>
>>> 2011/3/7 André Warnier<aw@ice-sa.com>
>>>
>>>  הילה wrote:
>>>>  I'm using Microsoft SQL Server 2008, latest SP.
>>>>> the use of domain user is used with the jtds package, which allows the
>>>>> tomcat service to authenticate to the DB with the presence of native
>>>>> SSPI
>>>>> DLL called ntlmauth.dll
>>>>> However, it generated a memory leak in the server. So I'm looking for
>>>>> alternatives.
>>>>>
>>>>>  So, the problem now, correctly stated, is :
>>>>>
>>>> - does there exist a Java driver for SQL Server 2008, which allows for
>>>> NTLM
>>>> authentication with SQL Server, and does not have a memory leak ?
>>>>
>>>> (and I would think that Microsoft would be the place to look first)
>>>>
>>>>
>>>> But it is still a bad solution with respect to security, agreed ?
>>>>
>>>> It would still be interesting to know in what exact terms you were given
>>>> this task.
>>>> Did they tell you
>>>> - that the userid and password should in no circumstances be stored in
>>>> clear in any file on the Tomcat server (even if this file cannot be
>>>> accessed
>>>> by anyone) ?
>>>> - or did they tell you : our security scanner found a file containing a
>>>> user-id and password; this is not acceptable ?
>>>> - or some other formulation ?
>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>
>>>>
>>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message