tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From הילה <hilavalen...@gmail.com>
Subject Re: Tomcat NTLM Authentication
Date Mon, 07 Mar 2011 13:10:58 GMT
Hey,
I cannot look for it in Microsoft, since the Java is of SUN, and the
implementation is on the Java side, not the SQL Microsoft side.

Option no' 1 :]
User and password should not exist in clear text in the xml file.

2011/3/7 André Warnier <aw@ice-sa.com>

> הילה wrote:
>
>> I'm using Microsoft SQL Server 2008, latest SP.
>> the use of domain user is used with the jtds package, which allows the
>> tomcat service to authenticate to the DB with the presence of native SSPI
>> DLL called ntlmauth.dll
>> However, it generated a memory leak in the server. So I'm looking for
>> alternatives.
>>
>>  So, the problem now, correctly stated, is :
>
> - does there exist a Java driver for SQL Server 2008, which allows for NTLM
> authentication with SQL Server, and does not have a memory leak ?
>
> (and I would think that Microsoft would be the place to look first)
>
>
> But it is still a bad solution with respect to security, agreed ?
>
> It would still be interesting to know in what exact terms you were given
> this task.
> Did they tell you
> - that the userid and password should in no circumstances be stored in
> clear in any file on the Tomcat server (even if this file cannot be accessed
> by anyone) ?
> - or did they tell you : our security scanner found a file containing a
> user-id and password; this is not acceptable ?
> - or some other formulation ?
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message