Hey, I cannot look for it in Microsoft, since the Java is of SUN, and the implementation is on the Java side, not the SQL Microsoft side.
Option no' 1 :] User and password should not exist in clear text in the xml file. 2011/3/7 André Warnier <a...@ice-sa.com> > הילה wrote: > >> I'm using Microsoft SQL Server 2008, latest SP. >> the use of domain user is used with the jtds package, which allows the >> tomcat service to authenticate to the DB with the presence of native SSPI >> DLL called ntlmauth.dll >> However, it generated a memory leak in the server. So I'm looking for >> alternatives. >> >> So, the problem now, correctly stated, is : > > - does there exist a Java driver for SQL Server 2008, which allows for NTLM > authentication with SQL Server, and does not have a memory leak ? > > (and I would think that Microsoft would be the place to look first) > > > But it is still a bad solution with respect to security, agreed ? > > It would still be interesting to know in what exact terms you were given > this task. > Did they tell you > - that the userid and password should in no circumstances be stored in > clear in any file on the Tomcat server (even if this file cannot be accessed > by anyone) ? > - or did they tell you : our security scanner found a file containing a > user-id and password; this is not acceptable ? > - or some other formulation ? > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
