Sybase NNTP forums - End Of Life (EOL)

The NNTP forums from Sybase - forums.sybase.com - are now closed.

All new questions should be directed to the appropriate forum at the SAP Community Network (SCN).

Individual products have links to the respective forums on SCN, or you can go to SCN and search for your product in the search box (upper right corner) to find your specific developer center.

UserID and Password

3 posts in JDBC Connect (product renamed to JConnect) Last posting was on 1997-06-24 21:14:02.0Z
Perry Hoekstra Posted on 1997-06-23 21:33:11.0Z
Message-ID: <33AEEB97.161E@eds.com>
Date: Mon, 23 Jun 1997 15:33:11 -0600
From: Perry Hoekstra <cigcos.phoekstra@eds.com>
Reply-To: cigcos.phoekstra@eds.com
Organization: EDS
X-Mailer: Mozilla 3.01Gold (WinNT; I)
MIME-Version: 1.0
Subject: UserID and Password
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Newsgroups: sybase.public.jdbcconnect
Lines: 12
Path: forums-1-dub!forums-master.sybase.com!forums.powersoft.com
Xref: forums-1-dub sybase.public.jdbcconnect:644
Article PK: 252394

Has anybody come up with a solution to protect the UserID and Password
within an applet? Granted, it is in bytecode format but an enterprising
person could determine what they are and expose a database to
intrusion. All of my other ideas have come up against firewall
restrictions such as CORBA or platform dependency such as no RMI on MSIE
3.x.

Perry Hoekstra
EDS Intelligent & Object Systems Group
(612) 405-4531
lnusmsc.phoeks01@eds.com


Greg Comeau Posted on 1997-06-24 12:29:14.0Z
From: gcomeau@gcomeau.com (Greg Comeau)
Subject: Re: UserID and Password
Date: Tue, 24 Jun 1997 12:29:14 GMT
Message-ID: <33afbcd3.1957314@forums.powersoft.com>
References: <33AEEB97.161E@eds.com>
X-Newsreader: Forte Agent 1.01/32.397
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Newsgroups: sybase.public.jdbcconnect
Lines: 20
Path: forums-1-dub!forums-master.sybase.com!forums.powersoft.com
Xref: forums-1-dub sybase.public.jdbcconnect:641
Article PK: 252393

On Mon, 23 Jun 1997 15:33:11 -0600, Perry Hoekstra

<cigcos.phoekstra@eds.com> wrote:

>Has anybody come up with a solution to protect the UserID and Password
>within an applet? Granted, it is in bytecode format but an enterprising
>person could determine what they are and expose a database to
>intrusion. All of my other ideas have come up against firewall
>restrictions such as CORBA or platform dependency such as no RMI on MSIE
>3.x.
>

This problem is not unique to jConnect. Any 2-tier solution exposes
the database.

A 3-tier architecture is probably the best solution. It not only
solves this problem but has the advantage of scalability. Check out
Jaguar CTS. http://www.powersoft.com/products/jaguar/

------
Greg Comeau[Powersoft]


Perry Hoekstra Posted on 1997-06-24 21:14:02.0Z
Message-ID: <33B0389A.535C@eds.com>
Date: Tue, 24 Jun 1997 15:14:02 -0600
From: Perry Hoekstra <cigcos.phoekstra@eds.com>
Reply-To: cigcos.phoekstra@eds.com
Organization: EDS
X-Mailer: Mozilla 3.01Gold (WinNT; I)
MIME-Version: 1.0
Subject: Re: UserID and Password
References: <33AEEB97.161E@eds.com> <33afbcd3.1957314@forums.powersoft.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Newsgroups: sybase.public.jdbcconnect
Lines: 29
Path: forums-1-dub!forums-master.sybase.com!forums.powersoft.com
Xref: forums-1-dub sybase.public.jdbcconnect:635
Article PK: 252390


Greg Comeau wrote:
>
> On Mon, 23 Jun 1997 15:33:11 -0600, Perry Hoekstra
> <cigcos.phoekstra@eds.com> wrote:
>
> >Has anybody come up with a solution to protect the UserID and Password
> >within an applet? Granted, it is in bytecode format but an enterprising
> >person could determine what they are and expose a database to
> >intrusion. All of my other ideas have come up against firewall
> >restrictions such as CORBA or platform dependency such as no RMI on MSIE
> >3.x.
> >
>
> This problem is not unique to jConnect. Any 2-tier solution exposes
> the database.
>
> A 3-tier architecture is probably the best solution. It not only
> solves this problem but has the advantage of scalability. Check out
> Jaguar CTS. http://www.powersoft.com/products/jaguar/
>
> ------
> Greg Comeau[Powersoft]

Yes, I grant you that a 3-tier architecture is great but what is the
difference between having a database login embedded in my client applet
class and the security risks that entails or a Jaguar/JSession userid
and password embedded in my client applet class?

Perry Hoekstra
EDS