If you have to rely on how many columns a query returns it is very likely that your database is not properly normalised so look there first. It could be that ODBC does not support the number of columns metadata but I am not sure. Your problems should be solved with your move to mySQL; I recall having used that method on mySQL JDBC with success in the past. Justin -----Original Message----- From: Emeline Barns [mailto:[EMAIL PROTECTED]] Sent: 22 September 2001 08:10 To: Orion-Interest Subject: Re: mySQL Hi Ray, Thank you very much for your help. Yes, I amusing jdbc-odbc bridge, but I am not sure if put on shared drive it canhold 25 simaltenous connection without crashing. Besides, when I am selecting data from first table using String sqlStatement = "Select * from " + first_table+ "," +second_table + " where " + filed_name + " Like '%" + keyword + "%'"; and what to know number of columns selected col_number = rsmd.getColumnCount(); it gives me number of columns from 2 tables.When I want to find to which table this column belongs table_name = rsmd.getTableName(1); it gives me empty String. So still do not know how to find the real number of columns selected. Elena >From: Ray Harrison <[EMAIL PROTECTED]> >Reply-To: Orion-Interest <[EMAIL PROTECTED]> >To: Orion-Interest <[EMAIL PROTECTED]> >Subject: Re: mySQL >Date: Sat, 22 Sep 2001 02:57:41 -0700 (PDT) > >Emeline - >Go to http://mmmysql.sourceforge.net/ and you can pick up the latest jdbc >driver jar file (works >anywhere). You should be able to export your access tables to delimited >files and then load them >into mysql. With Access, you can use the JDBC-ODBC bridge to get at the >data if you are interested >in pursuing that avenue. > > >Cheers >Ray >--- Emeline Barns <[EMAIL PROTECTED]> wrote: > > Hi gurus, > > I have databases created in MS Access and using JDBC-ODBC for connection > > which is not great. > > My application have to hold under 30 connections. I tested my PC to run >20 > > instances of the program, and it worked. Does this mean that it will be > > working when installed on shared drive? > > I tried to switch to mySQL, butcannot yet find the JDBC driver for > > WindowsNT(only Linux). Also I need to export my databases from Access to > > MySQL which I have not found as well. > > May be there are some free JDBC drivers for Access which I am not aware. >I > > make this program for non=profitable organization which has no money to >buy > > drivers. > > Any help will be appreciated. > > Emeline > > > > > > >From: "Michael J. Cannon" <[EMAIL PROTECTED]> > > >Reply-To: Orion-Interest <[EMAIL PROTECTED]> > > >To: Orion-Interest <[EMAIL PROTECTED]> > > >CC: <[EMAIL PROTECTED]> > > >Subject: Re: Orion Security (WAS:RE:Questions About Orion) > > >Date: Fri, 21 Sep 2001 15:27:42 -0500 > > > > > >Vlad, > > > > > >As in any App Server environment on the Web, the security >vulnerabilities > > >of > > >the Orion App Server are on two fronts: > > > > > >Server-side: > > >Orionserver Security Primer: > > >http://www.jollem.com/~ernst/orion-security-primer/ > > >Java Best Practices for Server-side Security: > > >From Sun: > > >J2EE: > > >The Tutorial: > > >http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Security.html > > >The Security Blueprint: > > >http://java.sun.com/j2ee/blueprints/eis_tier/security/index.html > > >Platform Spec for v.1.3 (go to the Security Bookmark in the .pdf) > > >http://java.sun.com/j2ee/j2ee-1_3-pfd4-spec.pdf > > > > > >Additionally, there are potential vulnerabilities in the HTTP server, >the > > >plug-in architecture (especially when using CGI and PHP, Python, Perl >or > > >Jpython scripts/executables - allowed in Orion and rather easy to do, >as > > >well as being very fast). There was a general discussion about >Java-based > > >HTTP webservers at the WWW Mobile code forum > > > >(link:http://www.securityfocus.com/templates/archive.pike?end=2001-09-22&ti d > > >=196606&start=2001-09-16&list=107&threads=0&), but it didn't resolve > > >anything. Bottom line: in general, currently both the HTTP and >Java/J2EE > > >functionality of the Orion Server is safe from all known exploits and > > >vulnerabilities in the wild, with the possible exception of a DoS due >to > > >transparent proxying on the server (Cisco Routers and Xerox Printers, >as > > >well as most Cable and DSL modems are similarly vulnerable). Orion is >no > > >more vulnerable than Apache/Tomcat or IIS, and, as recent history has > > >proven, is actually far less vulnerable than the Microsoft products for > > >similar functionality (as well as being FAR faster and easier to >develop > > >for - Link: http://www.orionserver.com/benchmarks/benchmark.html , >sadly, > > >the BEAst will not allow Orion to continue to publlish stats, but you >can > > >read about that following the links:). > > > > > >The second major place that any J2EE AppServer is in the database. >'Nuff > > >said, separate issue and separate practices. Use a secured (wrappered >or > > >tunneled with encruyption) HTTP or RMI connection to the database all >JDBC > > >connections. Secure the JDBC datastream and securew the database >according > > >to the best practices you may choose. > > > > > >The final place on the server-side that any J2EE or other App server is > > >vulnerable is the environment. Nail down the ACLs for your specific > > >environment and pay attention to the OS and the various other sevices >and > > >apps you are running on the box (including the security services - >just > > >had > > >to repair a Symantec-installed hole left when they put their IDS tools >on > > >the production box!). Pay attention to domain and network issues, and >keep > > >the network clean and properly configured. Most Orion or Oracle > > >penetrations I've seen/heard of were actually BIND exploits or port53 >DNS > > >issues. > > > > > >With the advent of NIMDA, we see another vector for attacks: the >client > > >program. With a few exceptions, Java AppServers are uniquely >invulnerable > > >to this new vector. > > >Sun Client-side Security Note: > > > >http://java.sun.com/j2se/1.3.0/docs/guide/security/spec/security-specTOC.fm . > > >html > > > > > >So, keep aware of general security threats, code to best practices, >test > > >developers' code for exploits before putting it into production (85% of >all > > >losses in the IT enterprise space are inside jobs) and be aware of >normal > > >security precautions. > > > > > >For Solaris tools see: > > >http://www.solaris4you.dk/sunsolaris.html > > > > > >and, I'm testing the Astaro Security Linux implementation (and have > > >installed it for 3 clients who use Orion or Oracle 9AS with OC4J) so >far > > >successfully. I include a few additional patches and configuration > > >changes, > > >but, in general it seems to work well. Link: > > >http://www.astaro.com > > >and > > >http://www.astaro.org > > > > > >Comes with Enterprise VPN and AV support, too. > > > > > >Also having luck with Net Screen > > >http://www.netscreen.com/products/index.html > > > > > >Hope all this was of assistance. Contact me offline if you have any >more > > >specific questions on Oracle, OAS or Orion Security. We also test > > >Enterprise domain-level security and manage PKI infrastructures. > > > > > >Michael J. Cannon > > >[EMAIL PROTECTED] > > >PM/COO-hsqldb.org, Inc. > > >http://hsqldb.org > > > > > >President, Ubiquicomm - Home of the Grupo Para Bellum Security Team > > >http://www.ubiquicomm.com > > >[EMAIL PROTECTED] > > > > > > > > >----- Original Message ----- > > >From: "The elephantwalker" <[EMAIL PROTECTED]> > > >To: "Orion-Interest" <[EMAIL PROTECTED]> > > >Sent: Friday, September 21, 2001 11:52 AM > > >Subject: RE: Questions about Orion > > > > > > > > > > Vlad, > > > > > > > > see comments... > > > > > > > > regards, > > > > > > > > the elephantwalker > > > > www.elephantwalker.com > > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] > > > > [mailto:[EMAIL PROTECTED]]On Behalf Of Vlad > > > > Vinogradsky > > > > Sent: Friday, September 21, 2001 7:08 AM > > > > To: Orion-Interest > > > > Subject: RE: Questions about Orion > > > > > > > > > > > > Thanks for your response. Few follow-up questions. > > > > > > > > >By the way, Orion by itself can out do IIS by six to one!... > > > > In what scenario? > > > > <elephantwalker> > > > > Orion serving up jsp pages compared to asp pages from IIS. > > > > </elephantwalker> > > > > > > > > >... make sure you test the jdbc drivers with all necessary uses of >sql > > > > including > > > > >things like LIMIT, CLOB, BLOB as well as 100's of open connections. > > > > These are the key >database needs for a appserver servicing the web. > > > > What about resource/connection pooling? > > > > <elephantwalker> > > > > Orion uses connection pooling for its ejbs, and you can specify > > >connection > > > > pooling for your jdbc connections in orion with a DataSource > > >configuration. > > > > </elephantwalker> > > > > >Like anything, if you run it on Windows, it will be compromised. > > > > I was asking more about known Orion vulnerabilities? > > > > > > > > <elephantwalker> > > > > AFAIK, there are none if you take the following steps: > > > > > > > > 1. Run orion as a non administor user. > > > > 2. Do not use any of the script based servlets, such as php. > > > > 3. User jdbc drivers that support encrypted network traffic. Oracle >does > > > > this...I don't know about m$ sql server. > > > > > > > > > > > > However, Windows is known to have many security issues, and if your > > > > operating system security is compromised, the hackers will have >access > > >to > > > > the orion, and any other resources you have. > > > > > > > > I would recommend staying away from any windows system for any >internet > > > > application because the windows record on security is so BAD. You >should > > >see > > > > my internet logs the last few days ;(...filled with requests for >silly > > > > things on the c drive, something the frequently patched IIS is > > >vulnerable > > > > to, but which orion justs sends back a 404. > > > > > > > > In the past two years, I have seen no similar failure of Orion, nor >any > > > > complaints on the list. > > > > </elephantwalker> > > > > Thanks, > > > > > > > > Vlad > > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] > > > > [mailto:[EMAIL PROTECTED]] On Behalf Of The > > > > elephantwalker > > >=== message truncated === > > >__________________________________________________ >Do You Yahoo!? >Get email alerts & NEW webcam video instant messaging with Yahoo! >Messenger. http://im.yahoo.com > _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
