tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From הילה <hilavalen...@gmail.com>
Subject Re: Tomcat NTLM Authentication
Date Mon, 07 Mar 2011 13:55:11 GMT
Yeah, ha :]
Since I'm desperate, I'll try it out.
Do I need to change the connectionURL or DriverClassName in the XML
configuration file of tomcat, in order for this to work?


2011/3/7 André Warnier <aw@ice-sa.com>

> הילה wrote:
>
>> I read that JTDS (jtds-1.2.5.jar) is more stable and less buggy than JDBC
>> of
>> Microsoft. So I don't want to add more logs to the fire.. :]
>>
>
> That's a funny thing to say, considering that it has a memory leak, and
> that nobody is answering your calls for help on the jTDS list.
> What about this one :
>
> http://msdn.microsoft.com/en-us/sqlserver/aa937724
>
>
>
>
>
>>
>> 2011/3/7 David kerber <dckerber@verizon.net>
>>
>>  On 3/7/2011 8:10 AM, הילה wrote:
>>>
>>>  Hey,
>>>> I cannot look for it in Microsoft, since the Java is of SUN, and the
>>>> implementation is on the Java side, not the SQL Microsoft side.
>>>>
>>>>  Microsoft may have a jdbc driver you could use, though.
>>>
>>>
>>> D
>>>
>>>
>>>
>>>  Option no' 1 :]
>>>> User and password should not exist in clear text in the xml file.
>>>>
>>>> 2011/3/7 André Warnier<aw@ice-sa.com>
>>>>
>>>>  הילה wrote:
>>>>
>>>>>  I'm using Microsoft SQL Server 2008, latest SP.
>>>>>
>>>>>> the use of domain user is used with the jtds package, which allows
the
>>>>>> tomcat service to authenticate to the DB with the presence of native
>>>>>> SSPI
>>>>>> DLL called ntlmauth.dll
>>>>>> However, it generated a memory leak in the server. So I'm looking
for
>>>>>> alternatives.
>>>>>>
>>>>>>  So, the problem now, correctly stated, is :
>>>>>>
>>>>>>  - does there exist a Java driver for SQL Server 2008, which allows
>>>>> for
>>>>> NTLM
>>>>> authentication with SQL Server, and does not have a memory leak ?
>>>>>
>>>>> (and I would think that Microsoft would be the place to look first)
>>>>>
>>>>>
>>>>> But it is still a bad solution with respect to security, agreed ?
>>>>>
>>>>> It would still be interesting to know in what exact terms you were
>>>>> given
>>>>> this task.
>>>>> Did they tell you
>>>>> - that the userid and password should in no circumstances be stored in
>>>>> clear in any file on the Tomcat server (even if this file cannot be
>>>>> accessed
>>>>> by anyone) ?
>>>>> - or did they tell you : our security scanner found a file containing
a
>>>>> user-id and password; this is not acceptable ?
>>>>> - or some other formulation ?
>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>>
>>>>>
>>>>>
>>>>>  ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message