Yeah, ha :] Since I'm desperate, I'll try it out. Do I need to change the connectionURL or DriverClassName in the XML configuration file of tomcat, in order for this to work?
2011/3/7 André Warnier <[email protected]> > הילה wrote: > >> I read that JTDS (jtds-1.2.5.jar) is more stable and less buggy than JDBC >> of >> Microsoft. So I don't want to add more logs to the fire.. :] >> > > That's a funny thing to say, considering that it has a memory leak, and > that nobody is answering your calls for help on the jTDS list. > What about this one : > > http://msdn.microsoft.com/en-us/sqlserver/aa937724 > > > > > >> >> 2011/3/7 David kerber <[email protected]> >> >> On 3/7/2011 8:10 AM, הילה wrote: >>> >>> Hey, >>>> I cannot look for it in Microsoft, since the Java is of SUN, and the >>>> implementation is on the Java side, not the SQL Microsoft side. >>>> >>>> Microsoft may have a jdbc driver you could use, though. >>> >>> >>> D >>> >>> >>> >>> Option no' 1 :] >>>> User and password should not exist in clear text in the xml file. >>>> >>>> 2011/3/7 André Warnier<[email protected]> >>>> >>>> הילה wrote: >>>> >>>>> I'm using Microsoft SQL Server 2008, latest SP. >>>>> >>>>>> the use of domain user is used with the jtds package, which allows the >>>>>> tomcat service to authenticate to the DB with the presence of native >>>>>> SSPI >>>>>> DLL called ntlmauth.dll >>>>>> However, it generated a memory leak in the server. So I'm looking for >>>>>> alternatives. >>>>>> >>>>>> So, the problem now, correctly stated, is : >>>>>> >>>>>> - does there exist a Java driver for SQL Server 2008, which allows >>>>> for >>>>> NTLM >>>>> authentication with SQL Server, and does not have a memory leak ? >>>>> >>>>> (and I would think that Microsoft would be the place to look first) >>>>> >>>>> >>>>> But it is still a bad solution with respect to security, agreed ? >>>>> >>>>> It would still be interesting to know in what exact terms you were >>>>> given >>>>> this task. >>>>> Did they tell you >>>>> - that the userid and password should in no circumstances be stored in >>>>> clear in any file on the Tomcat server (even if this file cannot be >>>>> accessed >>>>> by anyone) ? >>>>> - or did they tell you : our security scanner found a file containing a >>>>> user-id and password; this is not acceptable ? >>>>> - or some other formulation ? >>>>> >>>>> >>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: [email protected] >>>>> For additional commands, e-mail: [email protected] >>>>> >>>>> >>>>> >>>>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> For additional commands, e-mail: [email protected] >>> >>> >>> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
