tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From הילה <hilavalen...@gmail.com>
Subject Re: Tomcat NTLM Authentication
Date Mon, 07 Mar 2011 13:27:18 GMT
I read that JTDS (jtds-1.2.5.jar) is more stable and less buggy than JDBC of
Microsoft. So I don't want to add more logs to the fire.. :]


2011/3/7 David kerber <dckerber@verizon.net>

> On 3/7/2011 8:10 AM, הילה wrote:
>
>> Hey,
>> I cannot look for it in Microsoft, since the Java is of SUN, and the
>> implementation is on the Java side, not the SQL Microsoft side.
>>
>
> Microsoft may have a jdbc driver you could use, though.
>
>
> D
>
>
>
>> Option no' 1 :]
>> User and password should not exist in clear text in the xml file.
>>
>> 2011/3/7 André Warnier<aw@ice-sa.com>
>>
>>  הילה wrote:
>>>
>>>  I'm using Microsoft SQL Server 2008, latest SP.
>>>> the use of domain user is used with the jtds package, which allows the
>>>> tomcat service to authenticate to the DB with the presence of native
>>>> SSPI
>>>> DLL called ntlmauth.dll
>>>> However, it generated a memory leak in the server. So I'm looking for
>>>> alternatives.
>>>>
>>>>  So, the problem now, correctly stated, is :
>>>>
>>>
>>> - does there exist a Java driver for SQL Server 2008, which allows for
>>> NTLM
>>> authentication with SQL Server, and does not have a memory leak ?
>>>
>>> (and I would think that Microsoft would be the place to look first)
>>>
>>>
>>> But it is still a bad solution with respect to security, agreed ?
>>>
>>> It would still be interesting to know in what exact terms you were given
>>> this task.
>>> Did they tell you
>>> - that the userid and password should in no circumstances be stored in
>>> clear in any file on the Tomcat server (even if this file cannot be
>>> accessed
>>> by anyone) ?
>>> - or did they tell you : our security scanner found a file containing a
>>> user-id and password; this is not acceptable ?
>>> - or some other formulation ?
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message