Hi Ray, Thank you very much for your help. Yes, I amusing jdbc-odbc bridge, but I am not sure if put on shared drive it canhold 25 simaltenous connection without crashing. Besides, when I am selecting data from first table using String sqlStatement = "Select * from " + first_table+ "," +second_table + " where " + filed_name + " Like '%" + keyword + "%'"; and what to know number of columns selected col_number = rsmd.getColumnCount(); it gives me number of columns from 2 tables.When I want to find to which table this column belongs table_name = rsmd.getTableName(1); it gives me empty String. So still do not know how to find the real number of columns selected. Elena >From: Ray Harrison <[EMAIL PROTECTED]> >Reply-To: Orion-Interest <[EMAIL PROTECTED]> >To: Orion-Interest <[EMAIL PROTECTED]> >Subject: Re: mySQL >Date: Sat, 22 Sep 2001 02:57:41 -0700 (PDT) > >Emeline - >Go to http://mmmysql.sourceforge.net/ and you can pick up the latest jdbc >driver jar file (works >anywhere). You should be able to export your access tables to delimited >files and then load them >into mysql. With Access, you can use the JDBC-ODBC bridge to get at the >data if you are interested >in pursuing that avenue. > > >Cheers >Ray >--- Emeline Barns <[EMAIL PROTECTED]> wrote: > > Hi gurus, > > I have databases created in MS Access and using JDBC-ODBC for connection > > which is not great. > > My application have to hold under 30 connections. I tested my PC to run >20 > > instances of the program, and it worked. Does this mean that it will be > > working when installed on shared drive? > > I tried to switch to mySQL, butcannot yet find the JDBC driver for > > WindowsNT(only Linux). Also I need to export my databases from Access to > > MySQL which I have not found as well. > > May be there are some free JDBC drivers for Access which I am not aware. >I > > make this program for non=profitable organization which has no money to >buy > > drivers. > > Any help will be appreciated. > > Emeline > > > > > > >From: "Michael J. Cannon" <[EMAIL PROTECTED]> > > >Reply-To: Orion-Interest <[EMAIL PROTECTED]> > > >To: Orion-Interest <[EMAIL PROTECTED]> > > >CC: <[EMAIL PROTECTED]> > > >Subject: Re: Orion Security (WAS:RE:Questions About Orion) > > >Date: Fri, 21 Sep 2001 15:27:42 -0500 > > > > > >Vlad, > > > > > >As in any App Server environment on the Web, the security >vulnerabilities > > >of > > >the Orion App Server are on two fronts: > > > > > >Server-side: > > >Orionserver Security Primer: > > >http://www.jollem.com/~ernst/orion-security-primer/ > > >Java Best Practices for Server-side Security: > > >From Sun: > > >J2EE: > > >The Tutorial: > > >http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Security.html > > >The Security Blueprint: > > >http://java.sun.com/j2ee/blueprints/eis_tier/security/index.html > > >Platform Spec for v.1.3 (go to the Security Bookmark in the .pdf) > > >http://java.sun.com/j2ee/j2ee-1_3-pfd4-spec.pdf > > > > > >Additionally, there are potential vulnerabilities in the HTTP server, >the > > >plug-in architecture (especially when using CGI and PHP, Python, Perl >or > > >Jpython scripts/executables - allowed in Orion and rather easy to do, >as > > >well as being very fast). There was a general discussion about >Java-based > > >HTTP webservers at the WWW Mobile code forum > > > >(link:http://www.securityfocus.com/templates/archive.pike?end=2001-09-22&tid > > >=196606&start=2001-09-16&list=107&threads=0&), but it didn't resolve > > >anything. Bottom line: in general, currently both the HTTP and >Java/J2EE > > >functionality of the Orion Server is safe from all known exploits and > > >vulnerabilities in the wild, with the possible exception of a DoS due >to > > >transparent proxying on the server (Cisco Routers and Xerox Printers, >as > > >well as most Cable and DSL modems are similarly vulnerable). Orion is >no > > >more vulnerable than Apache/Tomcat or IIS, and, as recent history has > > >proven, is actually far less vulnerable than the Microsoft products for > > >similar functionality (as well as being FAR faster and easier to >develop > > >for - Link: http://www.orionserver.com/benchmarks/benchmark.html , >sadly, > > >the BEAst will not allow Orion to continue to publlish stats, but you >can > > >read about that following the links:). > > > > > >The second major place that any J2EE AppServer is in the database. >'Nuff > > >said, separate issue and separate practices. Use a secured (wrappered >or > > >tunneled with encruyption) HTTP or RMI connection to the database all >JDBC > > >connections. Secure the JDBC datastream and securew the database >according > > >to the best practices you may choose. > > > > > >The final place on the server-side that any J2EE or other App server is > > >vulnerable is the environment. Nail down the ACLs for your specific > > >environment and pay attention to the OS and the various other sevices >and > > >apps you are running on the box (including the security services - >just > > >had > > >to repair a Symantec-installed hole left when they put their IDS tools >on > > >the production box!). Pay attention to domain and network issues, and >keep > > >the network clean and properly configured. Most Orion or Oracle > > >penetrations I've seen/heard of were actually BIND exploits or port53 >DNS > > >issues. > > > > > >With the advent of NIMDA, we see another vector for attacks: the >client > > >program. With a few exceptions, Java AppServers are uniquely >invulnerable > > >to this new vector. > > >Sun Client-side Security Note: > > > >http://java.sun.com/j2se/1.3.0/docs/guide/security/spec/security-specTOC.fm. > > >html > > > > > >So, keep aware of general security threats, code to best practices, >test > > >developers' code for exploits before putting it into production (85% of >all > > >losses in the IT enterprise space are inside jobs) and be aware of >normal > > >security precautions. > > > > > >For Solaris tools see: > > >http://www.solaris4you.dk/sunsolaris.html > > > > > >and, I'm testing the Astaro Security Linux implementation (and have > > >installed it for 3 clients who use Orion or Oracle 9AS with OC4J) so >far > > >successfully. I include a few additional patches and configuration > > >changes, > > >but, in general it seems to work well. Link: > > >http://www.astaro.com > > >and > > >http://www.astaro.org > > > > > >Comes with Enterprise VPN and AV support, too. > > > > > >Also having luck with Net Screen > > >http://www.netscreen.com/products/index.html > > > > > >Hope all this was of assistance. Contact me offline if you have any >more > > >specific questions on Oracle, OAS or Orion Security. We also test > > >Enterprise domain-level security and manage PKI infrastructures. > > > > > >Michael J. Cannon > > >[EMAIL PROTECTED] > > >PM/COO-hsqldb.org, Inc. > > >http://hsqldb.org > > > > > >President, Ubiquicomm - Home of the Grupo Para Bellum Security Team > > >http://www.ubiquicomm.com > > >[EMAIL PROTECTED] > > > > > > > > >----- Original Message ----- > > >From: "The elephantwalker" <[EMAIL PROTECTED]> > > >To: "Orion-Interest" <[EMAIL PROTECTED]> > > >Sent: Friday, September 21, 2001 11:52 AM > > >Subject: RE: Questions about Orion > > > > > > > > > > Vlad, > > > > > > > > see comments... > > > > > > > > regards, > > > > > > > > the elephantwalker > > > > www.elephantwalker.com > > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] > > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Vlad > > > > Vinogradsky > > > > Sent: Friday, September 21, 2001 7:08 AM > > > > To: Orion-Interest > > > > Subject: RE: Questions about Orion > > > > > > > > > > > > Thanks for your response. Few follow-up questions. > > > > > > > > >By the way, Orion by itself can out do IIS by six to one!... > > > > In what scenario? > > > > <elephantwalker> > > > > Orion serving up jsp pages compared to asp pages from IIS. > > > > </elephantwalker> > > > > > > > > >... make sure you test the jdbc drivers with all necessary uses of >sql > > > > including > > > > >things like LIMIT, CLOB, BLOB as well as 100's of open connections. > > > > These are the key >database needs for a appserver servicing the web. > > > > What about resource/connection pooling? > > > > <elephantwalker> > > > > Orion uses connection pooling for its ejbs, and you can specify > > >connection > > > > pooling for your jdbc connections in orion with a DataSource > > >configuration. > > > > </elephantwalker> > > > > >Like anything, if you run it on Windows, it will be compromised. > > > > I was asking more about known Orion vulnerabilities? > > > > > > > > <elephantwalker> > > > > AFAIK, there are none if you take the following steps: > > > > > > > > 1. Run orion as a non administor user. > > > > 2. Do not use any of the script based servlets, such as php. > > > > 3. User jdbc drivers that support encrypted network traffic. Oracle >does > > > > this...I don't know about m$ sql server. > > > > > > > > > > > > However, Windows is known to have many security issues, and if your > > > > operating system security is compromised, the hackers will have >access > > >to > > > > the orion, and any other resources you have. > > > > > > > > I would recommend staying away from any windows system for any >internet > > > > application because the windows record on security is so BAD. You >should > > >see > > > > my internet logs the last few days ;(...filled with requests for >silly > > > > things on the c drive, something the frequently patched IIS is > > >vulnerable > > > > to, but which orion justs sends back a 404. > > > > > > > > In the past two years, I have seen no similar failure of Orion, nor >any > > > > complaints on the list. > > > > </elephantwalker> > > > > Thanks, > > > > > > > > Vlad > > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] > > > > [mailto:[EMAIL PROTECTED]] On Behalf Of The > > > > elephantwalker > > >=== message truncated === > > >__________________________________________________ >Do You Yahoo!? >Get email alerts & NEW webcam video instant messaging with Yahoo! >Messenger. http://im.yahoo.com > _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
