-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 John,
On 10/23/18 16:52, john.e.gr...@wellsfargo.com.INVALID wrote: > Will, > > >> -----Original Message----- From: Will Nordmeyer >> <quark...@gmail.com> Sent: Tuesday, October 23, 2018 9:45 AM To: >> Tomcat Users List <users@tomcat.apache.org> Subject: 2 Factor >> Authentication Tomcat 7 >> >> I'm currently running Tomcat 7 (will likely migrate to 8 or 9 in >> the next year). I tried working with Oracle on this with no >> success. >> >> We have an Oracle Database connection defined within our web.xml >> (see below). We need to convert to using 2 Factor (certificate?) >> based Authentication. >> >> How do we convert from our embedded username password to 2FA >> >> <context-param> <param-name>type</param-name> >> <param-value>SIMPLE</param-value> </context-param> >> >> <context-param> <param-name>datasource</param-name> <param-value> >> </param-value> </context-param> >> >> <context-param> <param-name>driver</param-name> >> <param-value>oracle.jdbc.OracleDriver</param-value> >> </context-param> >> >> <context-param> <param-name>url</param-name> >> <param-value>jdbc:oracle:thin:@//server:1521/SID</param-value> >> </context-param> >> >> <context-param> <param-name>username</param-name> >> <param-value>myuser</param-value> </context-param> >> >> <context-param> <param-name>password</param-name> >> <param-value>mypass</param-value> </context-param> >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org > > Are you truly being asked to switch to 2FA? What is the > additional factor? Like others have said, supplying something like > a code from an RSA token sounds exceptionally difficult, however > that's not the only possibility. You mentioned a certificate, so > I'm wondering whether you're really being asked to do mutual > authentication, which involves a certificate, but is not as hard as > actual 2FA. I 100% agree that client-certs are a good thing to use for db authentication. I have no idea how to do it with Oracle, but the MySQL configuration isn't very complicated at all. Also, a cert is definitely "2FA". It's a second factor. It's actually something you "have". :) > Also, I assume you have some code that consumes those params from > your web.xml. If so, then you might have some flexibility to > change the code to do some other form of authentication. Yeah, like having a 2FA SMS token delivered via email, which your database driver retrieves and uses[1]. Sound complicated enough, yet? ;) - -chris [1] https://en.wikipedia.org/wiki/Jamie_Zawinski#Principles -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlvPkJ0ACgkQHPApP6U8 pFhuRxAAhzY0UQqF/WNgB4PjFL+1eegiq2dSh4GZi1J+gOew5hxgB7m6ES7ir+uu 28Rqg2oUyP7rZ8Bu4ivUCMB96jACHLyoc1+zY140FFT0n4yNLizBCq1lQQADGe9Q dJnKHCN94lMDnt1GvG1qz4IkFck0nC9sqELlmFGcB8kuOE0PL1maEi4edpZ5YqHR xGSrDF2ocwnQruvI6i9/dkJcQgM9kuStjgWYUF7vlPmeUkTD4WwU0gTNgObiUNAf 1AK1N8+N1UBazQCPuBcm03EDogg5A86+hPXrg2C4YtC8H1CjiSi0ZopHCTB7hkSo WS7W4OfbZjKIS57OkqM1Bw/07b05LphQDtFQIEwDdp7LwNpDtwTh5asckbwZE9jU lpykfQTXhH3QEAqDdpbcHruJtF/pyYyNPppt40Ff9g0cs4ja0OektkqPDfiYpP1E 6aA+53bOat1V6iSDcVbwTNMDREkDXeTnqyttHefvjNpsYNa5vXgf1Xn2gpBkV7fX bTGxgh3R6ItNKYYbvfIt8POHAW9641Ybs891C6w4ZL3yqlfNk9YCMP2ZZE0XCjbs b2xBRkH87JGHdLrZ6nLXs1vn3i8uMX/FOIrYOowMMNeIuLsbg246MCuC+D5Lp745 j1uK8b9cvPNQLndZ0FdFycxjSEmkBnazcjJoi3RjAXESTL55yik= =svgu -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org