Re: Tomcat NTLM Authentication

Mon, 07 Mar 2011 05:55:12 -0800 

On 3/7/2011 8:27 AM, הילה wrote:

I read that JTDS (jtds-1.2.5.jar) is more stable and less buggy than JDBC of
Microsoft. So I don't want to add more logs to the fire.. :]



As Andre says, the one you're using now seems to be rather buggy.  We 
have been using the Microsoft driver for a few months now with no 
trouble, though we're not using NTLM authentication with it, and the SQL 
we're using isn't very demanding.





2011/3/7 David kerber<dcker...@verizon.net>


On 3/7/2011 8:10 AM, הילה wrote:


Hey,
I cannot look for it in Microsoft, since the Java is of SUN, and the
implementation is on the Java side, not the SQL Microsoft side.



Microsoft may have a jdbc driver you could use, though.


D




Option no' 1 :]
User and password should not exist in clear text in the xml file.

2011/3/7 André Warnier<a...@ice-sa.com>

  הילה wrote:


  I'm using Microsoft SQL Server 2008, latest SP.

the use of domain user is used with the jtds package, which allows the
tomcat service to authenticate to the DB with the presence of native
SSPI
DLL called ntlmauth.dll
However, it generated a memory leak in the server. So I'm looking for
alternatives.

  So, the problem now, correctly stated, is :



- does there exist a Java driver for SQL Server 2008, which allows for
NTLM
authentication with SQL Server, and does not have a memory leak ?

(and I would think that Microsoft would be the place to look first)


But it is still a bad solution with respect to security, agreed ?

It would still be interesting to know in what exact terms you were given
this task.
Did they tell you
- that the userid and password should in no circumstances be stored in
clear in any file on the Tomcat server (even if this file cannot be
accessed
by anyone) ?
- or did they tell you : our security scanner found a file containing a
user-id and password; this is not acceptable ?
- or some other formulation ?



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



























					Reply via email to