You are using a JDBC connection to an Oracle database. Just forget about Tomcat. I cannot find an out-of-the-box JDBC 2FA feature from Oracle.

> On Oct 23, 2018, at 11:03 AM, Will Nordmeyer <quark...@gmail.com> wrote:
>
> Chris,
>
> I understand all of that and am working all those concerns to the
> PTB... but as with many management situations reality doesn't fit with
> the "security" mindset.
>
> On Tue, Oct 23, 2018 at 10:59 AM Christopher Schultz
> <ch...@christopherschultz.net> wrote:
>>
>> Will,
>>
>> On 10/23/18 10:44, Will Nordmeyer wrote:
>>> I'm currently running Tomcat 7 (will likely migrate to 8 or 9 in
>>> the next year). I tried working with Oracle on this with no
>>> success.
>>>
>>> We have an Oracle Database connection defined within our web.xml
>>> (see below). We need to convert to using 2 Factor (certificate?)
>>> based Authentication.
>>>
>>> How do we convert from our embedded username password to 2FA
>>
>> Uhh...
>>
>> How would you enter your second-factor into the server? During service
>> startup? What happens if the connection times-out and you have to
>> re-authenticate? Do you want to be paged in the middle of the night to
>> re-enter your 2FA code? How about 10 times per hour on 100 different
>> servers?
>>
>> 2FA doesn't make any sense at all for services contacting other
>> services. 2FA makes sense for humans contacting services because
>> humans are so much worse at password management, social engineering
>> resistance, etc.
>>
>> If you have a segment of your IT team mandating 2FA for database
>> connections (even for services), tell them that THEY have to use THEIR
>> 2FA credentials to unlock the database for YOUR services. See how long
>> that policy survives.
>>
>> -chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org